- Transunion reported data violation with 4.4 million affected Americans
- The threat that the actors claim that the attack is much bigger
- Users must be careful with incoming emails
Transunion, an important American credit reports, suffered a data violation in which he lost personal identification information (PII) in more than 4.4 million US citizens.
In a new report, presented to the Office of the Main Attorney General, the company said it was beaten on July 28, 2025, and that it saw the intrusion two days later.
The data lost in the incident are “limited,” said Transunion, without detailing the type. He stressed that credit reports and central credit information were not exposed in this attack. He still decided to give the affected people 24 months of free credit monitoring and protection against identity theft.
Brightness hunters
At the same time, Bleepingcomputer He discovered that the attack was Shinyhunters’ work, which broke into the company’s Salesforce account to steal information.
“A wave of Salesforce data theft attacks has impacted numerous companies this year, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel and Qantas,” said the publication. Shinyhunters confirmed with the publication that stole more than 13 million records, with the 4.4 million mentioned above in relation only to US citizens.
The group also shared a sample, showing the names of people, billing addresses, telephone numbers, email addresses, birth dates and non -written social security numbers (SSN). This type of information can hardly be described as “limited”, since it is more than enough to use in identity theft, phishing and other forms of cybercrime. Criminals can open bank accounts in names of people, take loans and even request tax cuts and returns.
The data also include the reason for the client’s transaction, as a request for a free credit report, which can also be used to go to victims with convincing phishing attacks, implement malware or steal even more information.
Shinyhunters also said Bleepingcomputer They stole customer service tickets and several messages stored in Salesforce.
Transunion is one of the three main consumer credit reports in the United States (together with Experian and Equifax). It collects and maintains credit information about individuals and companies, then provides credit reports, scores and identity protection services to lenders, companies and consumers.
How to stay safe
To mitigate potential risks, users must place a credit freezing (or fraud alert) with the three credit offices, preventing new credit accounts from being opened to their name without approval.
They must also monitor their credit reports and use the free identity robbery monitoring transunion offer.
Finally, they must observe their financial accounts closely and be very cautious with incoming emails and other communications. Since the attackers now know their contact information, they can send convincing false emails, text messages or calls that pretend to be banks, government agencies or even transunity.
Through Bleepingcomputer
