TransUnion suffers data breach impacting over 4.4 million people


Update: Story updated with confirmation that this was another Salesforce data theft attack and the types of data stolen.

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from its Salesforce account.

TransUnion is one of the three major credit bureaus in the United States, alongside Equifax and Experian. It operates in 30 countries, employs 13,000 staff, and has an annual revenue of $3 billion.

It collects and maintains credit information on over 1 billion consumers worldwide, with approximately 200 million of those based in the U.S. This information is shared with 65,000 businesses, including lenders, insurers, and employers.

According to a filing submitted to the Office of the Maine AG, the breach occurred on July 28, 2025, and was discovered two days later.

A sample of the notifications distributed to impacted clients earlier this week specifies that the incident involved a third-party application serving the company’s consumer support operations.

“We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations,” reads the data breach notice.

“The unauthorized access includes some limited personal information belonging to you.”

The data exposed in this incident was “limited” according to the company, although what exactly it might entail hasn’t been specified in the sample notification.

Instead, the letter underlines that no credit reports or core credit information were exposed in this incident.

TransUnion is now offering those impacted 24 months of free credit monitoring and identity theft protection services.

A wave of Salesforce data theft attacks has impacted numerous companies this year, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas.

These attacks have been conducted by the ShinyHunters extortion group, and more recently, by a cluster tracked as UNC6395.

After publishing this story, BleepingComputer confirmed with two sources, including ShinyHunters, that TransUnion’s data breach is linked to these Salesforce attacks.

The threat actor claims that the stolen data consists of over 13 million records, with 4.4 million records related to people in the US.

A sample of the stolen data shared with BleepingComputer contains quite a lot of sensitive personal information, including names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security Numbers of TransUnion customers.

The data also includes the reason for the customer transaction, such as a request for a free credit report.

In addition to customer data, the threat actors also claim to have stolen customer support tickets and messages that were stored in Salesforce.

BleepingComputer contacted TransUnion with further questions about this breach, and we will update this article if we receive a response.

Two years ago, a threat actor claimed a data breach at TransUnion, which the company rejected, saying that the data had been stolen from a third party.

In previous years, the company’s South African and Canadian branches suffered cybersecurity breaches that exposed customer information.

Update 8/28/26 2:13 PM ET: Added information about the types of data stolen from TransUnion’s Salesforce instance.
