TransUnion, a major credit bureau, suffered a **data breach** exposing sensitive personal information of **4.4 million US consumers**. The compromised data includes **names, Social Security numbers (SSNs), and dates of birth**, though no credit information was accessed. The breach originated from unauthorized access to a **third-party application** supporting TransUnion’s US consumer operations. While the company claims the exposed data is limited, the leaked details (SSNs and DOBs) pose a **high risk of identity theft**. TransUnion is notifying affected individuals and offering support resources. Legal firms are already preparing class-action lawsuits. The incident highlights vulnerabilities in third-party vendor security, reinforcing the need for credit monitoring or freezes for impacted users.
TPRM report: https://www.rankiteo.com/company/transunion
"id": "tra511090325",
"linkid": "transunion",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '4.4 million US consumers',
'industry': 'Financial Services / Consumer Credit '
'Reporting',
'location': 'United States',
'name': 'TransUnion',
'type': 'Credit Bureau'}],
'attack_vector': 'Third-party application vulnerability',
'customer_advisories': 'Notification letters sent to affected individuals '
'with details about the incident and resources for '
'assistance.',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '4.4 million',
'personally_identifiable_information': ['Name',
'Social Security '
'Number',
'Date of Birth'],
'sensitivity_of_data': 'High (SSNs and DOBs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'description': 'Credit bureau TransUnion confirmed a significant data breach '
'exposing personal data (names, Social Security Numbers, dates '
'of birth) of ~4.4 million US consumers. The breach involved '
'unauthorized access to a third-party application serving US '
'consumer support operations. While no credit information was '
'accessed, the exposed details pose an identity theft risk. '
'Affected individuals are being notified via letter, and a '
'class-action lawsuit is being prepared.',
'impact': {'brand_reputation_impact': 'Potential damage due to exposure of '
'sensitive personal data and '
'class-action lawsuit',
'data_compromised': ['Name',
'Social Security Number',
'Date of Birth'],
'identity_theft_risk': 'High (due to exposure of SSNs and DOBs)',
'legal_liabilities': 'Class-action lawsuit in preparation',
'systems_affected': ['Third-party application (US consumer support '
'operations)']},
'post_incident_analysis': {'root_causes': 'Unauthorized access to a '
'third-party application serving US '
'consumer support operations.'},
'recommendations': 'Consumers advised to freeze credit if not actively '
'applying for credit.',
'references': [{'source': 'CNET'}, {'source': 'TransUnion state filings'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit in '
'preparation',
'regulatory_notifications': 'Mandatory state '
'filings submitted'},
'response': {'communication_strategy': 'Direct notification letters to '
'affected individuals; public '
'disclosure via state filings and '
'media (e.g., CNET)',
'incident_response_plan_activated': 'Yes (notification letters '
'sent to affected '
'individuals)'},
'title': 'TransUnion Data Breach Exposes Sensitive Personal Information of '
'4.4 Million US Consumers',
'type': 'Data Breach'}