Hackers breached the customer service system of TransUnion in the US through a third-party application, exposing sensitive personal information of about 4.4 million Americans including names, addresses, birth dates, and Social Security numbers, but without credit reports.

 

Hackers breached the customer service system of TransUnion in the US through a third-party application, exposing sensitive personal information of about 4.4 million Americans including names, addresses, birth dates, and Social Security numbers, but without credit reports.

The attack is attributed to the ShinyHunters and UNC6395 groups who exploited vulnerabilities in Salesforce.

TransUnion provides credit rating and financial information management services, so such a leak poses a serious risk of identity theft.

The company offers affected individuals two years of credit monitoring and identity protection services, while a class-action lawsuit against it is under review. Law enforcement authorities continue their investigation.