TransUnion becomes latest victim in major wave of Salesforce-linked cyberattacks, 4.4M Americans affected

You might have recently noticed a wave of cyberattacks hitting companies whose services millions of Americans rely on every day. Among the victims are Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel and Qantas, all reporting breaches linked to Salesforce-connected applications.

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER.

TransUnion has disclosed a major data breach that impacted 4,461,511 individuals in the United States, according to a filing with the Maine Attorney General's Office. The incident occurred on July 28, 2025, and was discovered two days later on July 30.

Although TransUnion characterized the exposed information as "limited," the stolen data is highly sensitive. It includes names, dates of birth, Social Security numbers, billing addresses, email addresses, phone numbers, reasons for customer transactions (such as requests for a free credit report), and customer support tickets and messages.

Hackers claim they stole more than 13 million records in total, with about 4.4 million tied to U.S. consumers.

In response, TransUnion is providing all affected individuals with 24 months of free credit monitoring and identity theft protection services.

In most cases, attackers exploited malicious third-party integrations or OAuth-connected apps disguised as legitimate Salesforce tools to siphon sensitive records. This technique bypassed traditional login protections and gave intruders long-lasting access to customer relationship management data. The stolen information ranges from basic contact details and business notes to highly sensitive identifiers such as Social Security numbers, dates of birth and driver's license information.

Researchers say these intrusions align with activity from the extortion group ShinyHunters, with some overlap in tactics and infrastructure linked to other threat actors like Scattered Spider. Campaigns tracked under names such as UNC6395 and UNC6040 point to a larger "extortion-as-a-service" model, where criminal crews collaborate and share stolen data across underground forums.

CyberGuy reached out to TransUnion for a comment and received the following response:

"TransUnion recently experienced a cyber incident that affected a third-party application serving our U.S. consumer support operations. Upon discovery, we quickly contained the issue, which did not involve our core credit database or include credit reports.

As for the gap between when the breach occurred (July 28, 2025) and when it was officially recorded as "discovered" (July 30, 2025), a TransUnion spokesperson clarified that the company "identified and contained this event within hours" of it happening, but that it is common industry practice to designate a later "date of discovery" to reflect a more complete assessment following the initial response.

The TransUnion breach exposed millions of people's data, but there are steps you can take to protect yourself. Here are eight ways to stay safe.

Go through old online accounts, shopping profiles or cloud storage that may still hold sensitive data. Deleting what you no longer use reduces the amount of information that could be stolen in future breaches or sold on dark web forums. You can also get help from a data removal service.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan.

Data stolen in breaches often ends up fueling phishing campaigns. Attackers may use your name, email or phone number to make messages look more convincing. If you get an email or text claiming to be from TransUnion, your bank or any service asking you to "verify" details, don't click on the link. Instead, log in through the official website or call customer service directly.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech.

Next, see if your passwords have been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords.

Hackers often rely on outdated software to spread malware or steal information. Installing the latest updates for your phone, computer and apps ensures security patches are in place, blocking known vulnerabilities that attackers might exploit.

One of the biggest risks after a breach is criminals opening new loans or credit cards in your name. A credit freeze with all three major bureaus, TransUnion, Equifax and Experian, prevents anyone from accessing your credit file without your approval. It's free and can be temporarily lifted if you need to apply for credit.

Watch your bank and credit card statements for unfamiliar charges, no matter how small. Set up transaction alerts where available. You should also pull your free annual credit report to check for unauthorized accounts or inquiries, which could be signs of fraud.

See my tips and best picks on how to protect yourself from identity theft at  Cyberguy.com/IdentityTheft.

Should companies like TransUnion be held legally accountable when millions of people are exposed to fraud? Let us know by writing to us at Cyberguy.com/Contact.

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER.

Copyright 2025 CyberGuy.com. All rights reserved.