TransUnion has announced that attackers gained unauthorized access to a third‑party application used in its U.S. consumer support operation that is reported to be linked to a broader wave of attacks targeting Salesforce‑connected applications across major industries.
The breach affected more than 4.4 million individuals, but TransUnion emphasized that its core credit reporting systems were not breached, and no credit report data was accessed. Hackers have claimed they accessed over 13 million records, but TransUnion confirmed that approximately 4.4 million U.S. individuals were affected.
TransUnion’s required state filings indicate that the compromised data includes:
- Full names;
- Dates of birth;
- Social Security numbers;
- Addresses;
- Email addresses;
- Telephone numbers; and
- Customer support messages, reasons for transactions, and ticket data (which varies by individual).
TransUnion has notified all affected consumers and is offering 24 months of free credit monitoring and identity theft protection to those affected. If you receive a notification letter from TransUnion, it is worthwhile to follow the instructions to protect yourself from identity theft.