(Bloomberg) — Hackers accessed the personal information of more than four million TransUnion customers in July, according to a regulatory disclosure from the major credit reporting agency.
TransUnion said in Thursday filings with Maine’s attorney general’s office that the data of 4.4 million customers that had been stored “on a third-party application” was compromised on July 28. The company said it discovered the breach two days later and that “no credit information was accessed.”
“Upon discovery, we quickly contained the issue, which did not involve our core credit database or include credit reports,” a TransUnion spokesperson, Jon Boughtin, said in an email. The company is working with law enforcement and has outside cybersecurity experts reviewing the breach, which Boughtin said “involved unauthorized access to limited personal information for a very small percentage of US consumers.”
The company declined to answer detailed questions about the breach, including who the hackers are, if they made any demands of the company and what kind of personal data they accessed.
TransUnion, which is based in Chicago, stores the financial data of more than 260 million Americans, making it one of the main credit reporting companies in the US.
TransUnion is planning to notify affected customers, and it will provide them with free credit monitoring services for as many as two years, according to a copy of the notice sent to affected Maine residents.
TransUnion also experienced a data breach in 2022, which exposed 22 million customers’ personal information, including Social Security numbers, financial account numbers and driver’s license numbers, Bloomberg Law reported.
More stories like this are available on bloomberg.com
©2025 Bloomberg L.P.