Credit reporting giant TransUnion has confirmed a massive data breach affecting more than 4.4 million U.S. customers. The stolen records include personal identifiers, making this one of the year’s most concerning cyber incidents.

TransUnion breach traced to third-party system

The company reported the July 28 hack to Maine’s attorney general. Attackers broke into a third-party application that handled support operations for U.S. customers. TransUnion insisted that no credit reports were taken, but it provided no evidence to back the claim.

What hackers took from customers

Later disclosures in Texas revealed the stolen data. Hackers obtained:

• Names
• Dates of birth
• Social Security numbers

These details are enough to enable large-scale identity theft. As a result, customers now face long-term risks even if their financial data remains untouched.

TransUnion’s response leaves questions

Spokesperson Jon Boughtin refused to answer detailed questions. He would not say what other personal records may have been taken. He also declined to confirm whether hackers made ransom demands. This lack of clarity has fueled criticism about the company’s transparency.

Breach adds to wider wave of cyberattacks

TransUnion stores data on over 260 million Americans. That scale makes it a prime target. Meanwhile, other major firms such as Google, Allianz Life, Cisco, and Workday have also reported breaches in recent weeks. Many of those cases involved stolen Salesforce cloud data.

Google linked its own incident to the ShinyHunters, a notorious extortion group. Still, investigators have not determined if the same group hit TransUnion.

Why TransUnion’s breach matters for consumers

The credit industry depends on trust. Yet repeated hacks keep undermining that confidence. This latest breach shows how fragile customer protection remains. For millions of Americans, TransUnion’s failure may cause lasting damage, not just a temporary scare.