dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

Data breach at TransUnion impacts 4.4 million people

August 28, 2025
Total
0
Shares
0
0
0

Nearly 4.5 million people were affected by a data breach at the credit reporting giant TransUnion, the company informed regulators this week.

According to a sample letter notifying victims of the breach, a cyber incident “involving a third-party application” used for customer support resulted in unauthorized access to “limited” personal information. No credit information was accessed, the company said.

The incident began on July 28 and was discovered two days later, TransUnion told the Maine attorney general. A separate filing in Texas shows that Social Security numbers were among the leaked information. 

The breach is the latest to target companies that hold huge amounts of data on people around the world. The insurance companies Allianz Life and Farmers Insurance were both recent victims of third-party breaches that are reportedly linked to social engineering attacks on Salesforce.   

The Google-owned firm Mandiant issued an advisory about the Salesforce attacks earlier this week, calling it a “widespread data theft campaign” and attributing it to the threat actor UNC6395. The hackers targeted OAuth tokens associated with the Salesloft Drift third-party application, Mandiant said.  

TransUnion did not say which third-party vendor was impacted, and did not respond to a request for comment. The company claims to have a database of credit histories on more than 260 million Americans.

CybercrimeIndustryNewsNews BriefsPrivacy
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.

 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names

August 28, 2025
Next Post

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

August 29, 2025
Related Posts
5 min

How CISOs Can Drive Effective AI Governance

AI’s growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies. Write a policy document, circulate a set of restrictions, and
info@thehackernews.com (The Hacker News)
September 18, 2025
Read More
3 min

Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign

State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025. "The attackers used AI's 'agentic' capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves," the AI upstart
info@thehackernews.com (The Hacker News)
November 14, 2025
Read More
6 min

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks targeting users in Brazil. The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads the
info@thehackernews.com (The Hacker News)
December 3, 2025
Read More