
TransUnion data breach affects 13M+ globally, 4M+ in the U.S.

August 28, 2025

TransUnion has mailed out notification letters to more than 4.4 million U.S. persons affected by a breach at a third-party application.

In its notification to state attorneys general in Maine and California, TransUnion reported that the incident occurred on July 28, 2025, and that it learned of it on July 30, 2025. The attack did not involve credit reports or “core credit information,” but did involve limited personal information for 4,461,511 people, of whom 16,828 were Maine residents.

TransUnion has offered those affected 24 months of credit monitoring and “proactive fraud assistance” to help with any questions that those affected may have now or in the event that they become a victim of fraud.

Although TransUnion did not name the third-party application that was compromised, DataBreaches.net reports that ShinyHunters claims that they acquired all of the records on TransUnion’s Salesforce CRM:

“All records from TransUnion Salesforce CRM instance was taken. Total 13M+ records, 4.4 million records are just U.S. SSNs were also compromised, in plaintext. We’ll begin to leak data on the forum known as BreachStars of companies who did not pay us or chose to ignore us.”

ShinyHunters reportedly declined to comment as to whether this was the Salesforce campaign that has been responsible for numerous recent breaches or if this was the newer Salesloft Drift campaign, tracked by Google Threat Intelligence Group as UNC6395.