Money Research Collective’s editorial team solely created this content. Opinions are their own, but compensation and in-depth research determine where and how companies may appear. Many featured companies advertise with us. How we make money.
Credit Bureau TransUnion Confirms Data Breach Affecting Over 4 Million People
By Adam Hardy MONEY RESEARCH COLLECTIVE
In a legal filing, TransUnion said it began sending out letters notifying people affected by the July 28 “cyber incident” on Tuesday.
Hackers gained access to sensitive information on millions of Americans in a data breach targeting TransUnion, one of the nation’s big three credit bureaus.
TransUnion confirmed an unauthorized “cyber incident” happened on July 28, affecting over 4.4 million people, according to legal disclosures filed this week with the offices of attorneys general in Maine and Texas. Names, Social Security numbers and dates of birth were among the stolen information, according to the Texas filing.
Both states require companies to disclose data breaches that impact their residents, though only a portion of the people affected by the TransUnion hack live in those two states.
Details are scarce. In a statement to Money, TransUnion said “the incident involved unauthorized access to limited personal information for a very small percentage of U.S. consumers,” adding, “we are working with law enforcement and have engaged third party cyber security experts for an independent forensics review.”
As of press time, TransUnion had not made any public announcements about the data breach on its website, but the company told Money that it is notifying affected costumers.
In the Maine filing, TransUnion said it began sending out letters notifying people affected by the breach on Tuesday.
“We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations,” a sample letter reads. “We regret any concern caused by this incident and take seriously the responsibility to help secure consumer information.”
TransUnion told Money that the leak did not involve its “core credit database or include credit reports” and that the company “identified and contained this event within hours.” The credit bureau is offering two years of free credit monitoring services (provided by Cyberscout) to those impacted, according to the letter.
The TransUnion hack is the latest in a series of major breaches. Just this week, Google urged 2.5 billion Gmail users to reset their passwords after it was hacked by a group called ShinyHunters. The hackers targeted the corporate software company Salesforce, which works with many high-profile clients, and impersonated staff to gain access to more data at other companies.
Insurance firm Allianz and telecom giant AT&T were also targeted by the group. While the TransUnion letter mentions the hack involved a “third-party application” and not its core database, it’s not clear whether this leak is tied to ShinyHunters’ Salesforce operation.
Separately, in May, the consumer data broker LexisNexis, which works closely with the credit bureaus, disclosed a data breach that affected more than 360,000 people. Social Security numbers, driver’s license numbers, addresses and dates of birth were leaked in that cyber attack.
So far, 2025 has been particularly brutal for data breaches and identity theft. As of June 30, the Federal Trade Commission said it had received nearly 750,000 identity theft complaints, putting 2025 on track to be one of the worst years on record.
How to check if your information was stolen
While TransUnion said it began sending letters this week to people who were affected, it’s not clear when everyone will receive them — or if the bureau will send out other types of alerts.
To check if you were impacted, you can contact TransUnion directly by calling its fraud assistance line at 1-800-516-4700. The call center is open Monday through Friday, 8 a.m. to 8 p.m. Eastern time.
Another way to spot identity theft is to review your credit reports for suspicious activity that you did not authorize. At the federally authorized AnnualCreditReport.com, you can receive credit reports from all three credit bureaus every week online for free. There’s no need to pay to check your credit report.
Unofficial, online tools such as DeHashed or Have I Been Pwned can help check whether your email account has been associated with any known breaches, as well.
What to do if your information was leaked
If your data was leaked, that doesn’t automatically mean your identity has been stolen. You should, however, be on high alert and keep a close eye on all of your financial accounts.
Fraud experts previously told Money that you should consider taking these key steps: Delete your old accounts to limit your points of exposure; sign up for credit monitoring (especially if TransUnion offered you two free years); and change all of your passwords.
You can also notify your banks, credit card companies and other financial institutions that your data has been leaked and that they should monitor accounts for suspicious activity.
Even if you haven’t experienced identity theft yet, experts often recommend that you freeze your credit as a preventative measure. (This, too, is free; all you have to do is request a freeze online from TransUnion, Equifax and Experian.) That way, if your identity is stolen, thieves won’t be able to open new credit cards or take out loans in your name. Whenever you need to apply for a new line of credit, you can briefly unfreeze it, then freeze it again.
There are also plenty of free resources available, including those from nonprofits like Identity Theft Resource Center, which can help you screen for potential scams — or recover from them — at no charge. The Federal Trade Commission also has extensive resources at identitytheft.gov.
More from Money:
6 Best Identity Theft Protection Services of August 2025
How to Check Your Credit Report
The Places With the Highest Credit Scores in the U.S. Might Surprise You
Adam Hardy is Money's lead data journalist. He writes news and feature stories aimed at helping everyday people manage their finances. He joined Money full-time in 2021 but has covered personal finance and economic topics since 2018. Previously, he worked for Forbes Advisor, The Penny Hoarder and Creative Loafing. In addition to those outlets, Adam’s work has been featured in a variety of local, national and international publications, including the Asia Times, Business Insider, Las Vegas Review-Journal, Yahoo! Finance, Nasdaq and several others. Adam graduated with a bachelor’s degree from the University of South Florida, where he studied magazine journalism and sociology. As a first-generation college graduate from a low-income, single-parent household, Adam understands firsthand the financial barriers that plague low-income Americans. His reporting aims to illuminate these issues. Since joining Money, Adam has already written over 300 articles, including a cover story on financial surveillance, a profile of Director Rohit Chopra of the Consumer Financial Protection Bureau and an investigation into flexible spending accounts, which found that workers forfeit billions of dollars annually through the workplace plans. He has also led data analysis on some of Money’s marquee rankings, including Best Places to Live, Best Places to Travel and Best Hospitals. He regularly contributes data reporting for Best Colleges, Best Banks and other lists as well. Adam also holds a multimedia storytelling certificate from Poynter’s News University and a data journalism certificate from the Investigative Reporters and Editors (IRE) at the University of Missouri. In 2017, he received an English teaching certification from the University of Cambridge, which he utilized during his time in Seoul, South Korea. There, he taught students of all ages, from 5 to 65, and worked with North Korean refugees who were resettling in the area. Now, Adam lives in Saint Petersburg, Florida, with his pup Bambi. He is a card-carrying shuffleboard club member.