TransUnion
The TransUnion data breach exposed names, birthdates, and Social Security numbers of 4.4 million Americans. Here’s what happened and why it matters.
Even credit bureaus aren’t untouchable. TransUnion recently disclosed a data breach—triggered by unauthorized access via a third-party application—that compromised sensitive personal data for more than 4.4 million Americans.
The incident, which occurred on July 28, 2025 and was discovered two days later, exposed names, dates of birth, and Social Security numbers. While credit reports and core credit data were not accessed, the exposed details are still highly valuable for identity theft and fraud (money.com).
The breach was confirmed through filings with state Attorneys General, with more than 17,000 residents in Maine and 358,000 in Texas notified directly. TransUnion is offering 24 months of free credit monitoring and identity theft protection to those affected.
Why This Matters
- Highly sensitive data was exposed: Birthdates and SSNs are enough to fuel serious fraud, even without credit reports.
- Vendor risk remains a major threat: The attack came through a third-party app, not TransUnion’s core systems—underscoring the importance of monitoring external partners.
- No company is too big to be breached: Even institutions trusted with the most sensitive data can fall victim.
