Credit Bureau TransUnion Confirms Data Breach Affecting Over 4 Million People

Hackers gained access to sensitive information on millions of Americans in a data breach targeting TransUnion, one of the nation's big three credit bureaus.
TransUnion confirmed an unauthorized “cyber incident” happened on July 28, affecting over 4.4 million people, according to legal disclosures filed this week with the offices of attorneys general in Maine and Texas. Names, Social Security numbers and dates of birth were among the stolen information, according to the Texas filing.
Both states require companies to disclose data breaches that impact their residents, though only a portion of the people affected by the TransUnion hack live in those two states.
Details are scarce. In a statement to Money, TransUnion said "the incident involved unauthorized access to limited personal information for a very small percentage of U.S. consumers," adding, "we are working with law enforcement and have engaged third party cyber security experts for an independent forensics review."
As of press time, TransUnion had not made any public announcements about the data breach on its website, but the company told Money that it is notifying affected customers.
In the Maine filing, TransUnion said it began sending out letters notifying people affected by the breach on Tuesday.
“We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations,” a sample letter reads. “We regret any concern caused by this incident and take seriously the responsibility to help secure consumer information.”
TransUnion told Money that the leak did not involve its “core credit database or include credit reports” and that the company “identified and contained this event within hours.” The credit bureau is offering two years of free credit monitoring services (provided by Cyberscout) to those impacted, according to the letter.
The TransUnion hack is the latest in a series of major breaches. Just this week, Google urged 2.5 billion Gmail users to reset their passwords after it was hacked by a group called ShinyHunters. The hackers targeted the corporate software company Salesforce, which works with many high-profile clients, and impersonated staff to gain access to more data at other companies.
Insurance firm Allianz and telecom giant AT&T were also targeted by the group. While the TransUnion letter mentions the hack involved a “third-party application” and not its core database, it’s not clear whether this leak is tied to ShinyHunters’ Salesforce operation.
Separately, in May, the consumer data broker LexisNexis, which works closely with the credit bureaus, disclosed a data breach that affected more than 360,000 people. Social Security numbers, driver’s license numbers, addresses and dates of birth were leaked in that cyber attack.
So far, 2025 has been particularly brutal for data breaches and identity theft. As of June 30, the Federal Trade Commission said it had received nearly 750,000 identity theft complaints, putting 2025 on track to be one of the worst years on record.
How to check if your information was stolen
While TransUnion said it began sending letters this week to people who were affected, it’s not clear when everyone will receive them — or if the bureau will send out other types of alerts.
To check if you were impacted, you can contact TransUnion directly by calling its fraud assistance line at 1-800-516-4700. The call center is open Monday through Friday, 8 a.m. to 8 p.m. Eastern time.
Another way to spot identity theft is to review your credit reports for suspicious activity that you did not authorize. At the federally authorized AnnualCreditReport.com, you can receive credit reports from all three credit bureaus every week online for free. There's no need to pay to check your credit report.
Unofficial, online tools such as DeHashed or Have I Been Pwned can help check whether your email account has been associated with any known breaches, as well.
What to do if your information was leaked
If your data was leaked, that doesn’t automatically mean your identity has been stolen. You should, however, be on high alert and keep a close eye on all of your financial accounts.
Fraud experts previously told Money that you should consider taking these key steps: Delete your old accounts to limit your points of exposure; sign up for credit monitoring (especially if TransUnion offered you two free years); and change all of your passwords.
You can also notify your banks, credit card companies and other financial institutions that your data has been leaked and that they should monitor accounts for suspicious activity.
Even if you haven’t experienced identity theft yet, experts often recommend that you freeze your credit as a preventative measure. (This, too, is free; all you have to do is request a freeze online from TransUnion, Equifax and Experian.) That way, if your identity is stolen, thieves won’t be able to open new credit cards or take out loans in your name. Whenever you need to apply for a new line of credit, you can briefly unfreeze it, then freeze it again.
There are also plenty of free resources available, including those from nonprofits like Identity Theft Resource Center, which can help you screen for potential scams — or recover from them — at no charge. The Federal Trade Commission also has extensive resources at identitytheft.gov.