Credit reporting giant TransUnion has confirmed a major data breach affecting 4.4 million customers after an unauthorized party accessed a third-party application. The breach exposed personal information including names, dates of birth, and Social Security numbers, but no credit data was accessed.
The global AI race is no longer confined to the US and China. Emerging hubs like Abu Dhabi, Paris, Singapore, and São Paulo are transforming the landscape with bold strategies, sovereign investments, and rapid innovation, creating a multipolar future for artificial intelligence.
French retail giant Auchan has confirmed a second major data breach in less than a year, exposing the personal information of several hundred thousand loyalty program members. The attack follows a similar incident in November 2024, raising concerns about the company's cybersecurity posture.
Credit reporting giant TransUnion has confirmed a major data breach affecting 4.4 million customers after an unauthorized party accessed a third-party application. The breach exposed personal information including names, dates of birth, and Social Security numbers, but no credit data was accessed.
Cyber News Centre's cyber update for 1st September 2025: TransUnion has disclosed a significant data breach affecting 4.4 million customers after an unauthorized party accessed a third-party application.
TransUnion is one of the three major credit reporting agencies in the United States, holding financial data on more than 260 million Americans. The company provides credit information and information management services to businesses and consumers.
The Update: TransUnion has confirmed a data breach that exposed the personal information of 4.4 million customers. The incident, which occurred on July 28, 2025, resulted from unauthorized access to a third-party application used for the company's U.S. consumer support operations. According to disclosures filed with the attorney general's offices in Maine and Texas, the compromised data includes customer names, dates of birth, and Social Security numbers.
TransUnion has stated that its core credit database was not affected and that no credit information was accessed during the breach. The company has begun notifying affected individuals and is offering two years of free credit monitoring services through Cyberscout. While the specific third-party application has not been named, the incident is part of a broader trend of attacks targeting corporate systems through their supply chain and third-party vendors. TransUnion has said it "quickly contained the issue" but has not yet disclosed who was behind the attack.
Why it Matters: This breach at a major credit reporting agency highlights the significant downstream risk posed by third-party applications. Even though TransUnion's core credit databases were not compromised, the theft of sensitive personal information like Social Security numbers provides criminals with the primary tools needed for identity theft and sophisticated phishing campaigns.
For the 4.4 million individuals affected, the risk of fraud is now substantially higher. This incident also reinforces the importance of supply chain security, demonstrating that even large corporations with extensive security resources remain vulnerable through their interconnected software and service providers. The breach serves as a critical reminder for organizations to rigorously vet and monitor the security posture of all third-party applications with access to sensitive data.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
French retail giant Auchan has confirmed a second major data breach in less than a year, exposing the personal information of several hundred thousand loyalty program members. The attack follows a similar incident in November 2024, raising concerns about the company's cybersecurity posture.
A widespread cyberattack has paralyzed Nevada's state government, forcing the closure of DMV offices, disrupting public services, and triggering a joint state and federal investigation. The attack, has taken down websites and phone lines, with no clear timeline for full restoration.
Farmers Insurance has confirmed a major data breach affecting 1.1 million customers after hackers compromised a third-party vendor's Salesforce database. The breach, part of a wider campaign by the ShinyHunters group, exposed personal information.
Direwolf has claimed responsibility for an alleged ransomware attack on Wine Works Australia, stating it stole 22GB of data including financial and customer records. The claims remain unverified with no response from Wine Works. CNC will provide updates as more details emerge.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
