Massive Data Leak at TransUnion Affects 4.5 Million American Clients
In a concerning development, TransUnion, one of the three major credit reporting agencies in the United States, has disclosed a data breach that has affected 58,505 of its customers. The breach, which occurred on July 28, 2023, was detected two days later on July 30.
The compromised data is limited to specific data elements and does not include credit reports or core credit information. TransUnion, which takes the protection of personal information seriously, has not yet provided details on the nature of the breached data. However, notified customers are being offered free access to credit monitoring and proactive fraud assistance services.
The breach is believed to be a potential supply chain compromise, as no data was exfiltrated from TransUnion's systems. This suggests that the breach may have occurred on a third-party application serving TransUnion's US consumer support operations.
Third-party data breaches have been a growing concern in recent months, with multiple high-profile incidents reported. In July 2023, insurance firm Allianz Life revealed that the majority of its 1.4 million US customers had personal data stolen due to a third-party, cloud-based CRM being compromised. Similarly, Australian airline Qantas experienced a data breach in July, affecting nearly six million customers, after hackers gained access to a third-party customer service platform.
The latest TransUnion incident is linked to two cybercriminal groups, Scattered Spider and ShunyHunters, who are known for using social engineering techniques to compromise third-party IT and cloud providers. These groups are affiliated with The Com, a loosely organized online criminal network involving thousands of English-speaking individuals.
TransUnion is not the only company to have suffered a data breach. In June 2025, a procurement service provider named Chain IQ suffered a data breach, affecting data from banking giant UBS. TransUnion also has a history of data breaches, with one confirmed in 2022 involving the theft of personal data of around five million customers.
Despite these challenges, TransUnion continues to enhance its security controls to minimize the risk of similar incidents in the future. The company remains committed to protecting the personal information of its customers and providing them with the highest level of service.
