Credit reporting giant TransUnion has revealed a major data breach that compromised the personal information of more than 4.4 million customers.
According to a filing submitted to the Maine attorney general’s office on Thursday, the incident was traced back to unauthorized access of a third-party application that stored sensitive customer data. The breach occurred on July 28, raising serious concerns about the security of information held by one of the nation’s largest credit reporting agencies.
TransUnion emphasized in its disclosure that “no credit information was accessed.” However, the company has yet to provide evidence supporting this claim, and the notice failed to specify exactly which categories of personal information were stolen. When reached for comment, David Blumberg, a spokesperson for TransUnion, did not immediately respond to inquiries.
As one of the three major U.S. credit reporting agencies, TransUnion manages financial data on more than 260 million Americans. The breach marks another high-profile cybersecurity incident in a wave of attacks targeting some of the country’s largest corporations in recent weeks. Industries from insurance and retail to transportation and airlines have all been hit by hackers exploiting vulnerabilities in third-party systems.
Several well-known companies—including Google, Allianz Life, Cisco, and HR technology giant Workday—have also reported breaches of customer data linked to their Salesforce-hosted cloud databases. In Google’s case, the company pointed to the hacker collective known as ShinyHunters, a notorious extortion group that has been active in stealing and selling corporate data online.
At this stage, it remains unclear who is behind the TransUnion breach or whether the attackers have made any ransom or extortion demands. What is clear, however, is that the incident highlights once again the fragility of digital systems entrusted with massive amounts of highly personal data—and the growing pressure on corporations to secure it.