TransUnion breach affects 4.5 million US consumers, highlighting rising third-party cyberattack threats

TransUnion’s data breach exposed personal information of 4.5 million Americans via a third-party app. This follows recent similar attacks on UBS, Allianz Life, and Qantas, linked to cybercriminal groups targeting third-party providers.
Cartier and North Face reveal customer data stolen in cyber breaches.

TransUnion, a US consumer credit reporting agency, has suffered a data breach, impacting the personal information of nearly 4.5 million Americans. The breach, detected on 30 July 2025, involved unauthorised access to a third-party application used in its US consumer support operations.

Although credit reports and core credit data were not exposed, specific personal details were compromised. TransUnion is offering affected customers free credit monitoring and fraud assistance. The agency highlighted its commitment to robust security measures and ongoing improvements. The incident follows previous breaches in 2022 and 2023, raising concerns about TransUnion’s overall data protection and third-party risks.

The recent TransUnion breach follows several high-profile data incidents involving third-party compromises. In June 2025, banking giant UBS was affected after its procurement provider Chain IQ was attacked.

In July, Allianz Life reported personal data theft from 1.4 million US customers via a third-party cloud-based CRM breach. Australian airline Qantas also disclosed a breach impacting nearly six million customers through a third-party service platform.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot