Credit reporting giant TransUnion has confirmed a major data breach involving the personal information of 4.4 million customers. The incident, which occurred on July 28, stems from unauthorized access to a third-party application utilized for U.S. consumer support operations.
The Scope of the Compromised Data
While TransUnion initially claimed that no credit information was accessed, official filings tell a more concerning story. According to a data breach disclosure filed with the Texas attorney general’s office, the stolen data includes sensitive identifiers such as full names, dates of birth, and Social Security numbers.
The company first acknowledged the breach in a filing with the Maine attorney general on Thursday. Despite the severity of the leak, TransUnion representatives have declined to provide further details regarding the specific nature of the compromised records or the mechanics of the security failure.
A Growing Trend of Corporate Hacks
TransUnion maintains the financial data of over 260 million Americans, making it one of the largest credit reporting agencies in the United States. This breach is part of a broader wave of cyberattacks targeting major industries, including insurance, retail, and transportation.
Recent incidents have hit high-profile companies such as Google, Cisco, Allianz Life, and Workday, many of which involved data stored in Salesforce-hosted cloud databases. Notably, Google identified the extortion group “ShinyHunters” as the actor behind several of these recent attacks. Currently, it remains unconfirmed whether the same group is responsible for the TransUnion breach or if any ransom demands have been issued.