TransUnion, one of the nation’s three major credit reporting agencies, has confirmed a cyberattack that exposed sensitive personal information for more than 4.4 million U.S. consumers. The incident, discovered on July 30, traces back to vulnerabilities in a third-party application used in TransUnion’s consumer support operations.
According to TransUnion, attackers exploited flaws in a Salesforce-connected application, part of a broader wave of incidents targeting major organizations in recent months. Investigators say groups including ShinyHunters and UNC6395 have been probing OAuth tokens and app integrations to bypass traditional defenses.
In TransUnion’s case, the intrusion occurred on July 28 and was contained within hours once detected. The company stressed that its “core credit database” was not compromised. Instead, the breach was limited to data flowing through a customer service tool.
Impacted individuals learned that their names, dates of birth, email and mailing addresses, phone numbers, and unredacted Social Security numbers were accessed. In some cases, records also included details of why they contacted TransUnion, such as support ticket notes.
For consumers, that meant seeing highly personal details disclosed in breach notification letters. While credit files themselves were not taken, the combination of Social Security numbers and contact information poses a serious risk of identity theft and fraud.
To address these concerns, TransUnion is offering two years of free credit monitoring and identity protection through Cyberscout. Regulators in states including Maine and Texas have begun receiving formal notifications, and several law firms are already investigating potential class-action claims.
The breach highlights an increasingly common weak point: third-party software integrations. Even when core databases remain secure, attackers can exploit the wider network of connected applications that process consumer data.
This echoes lessons from the 2017 Equifax breach, which exposed 147 million records and reshaped the conversation around credit bureau security. While smaller in scale, the TransUnion incident underscores how the security of financial infrastructure depends not only on internal defenses but also on the resilience of vendors and partners.
For millions of Americans, the immediate concern is safeguarding against fraud. Experts recommend placing credit freezes, monitoring accounts closely, and treating emails or calls with heightened suspicion, as exposed details could fuel targeted phishing campaigns.
The post TransUnion Data Breach Exposes 4.5 Million Records Through Third-Party App appeared first on Centraleyes.
This is a Security Bloggers Network syndicated blog from Centraleyes authored by Rebecca Kappel. Read the original post at: https://www.centraleyes.com/transunion-data-breach-exposes-4-5-million-records/