TransUnion disclosed on August 28, 2025, that unauthorized actors accessed a third-party application serving its US consumer support operations between July 28–30, 2025. The attack is attributed to ShinyHunters/UNC6395 as part of their broader campaign targeting Salesforce environments via the SalesLoft Drift OAuth token compromise (see 2025-08_salesloft-drift-oauth-salesforce.yaml). Approximately 4.4 million US consumers had names, dates of birth, and Social Security numbers exposed. TransUnion’s core credit database and credit reports were not compromised. Notifications were sent August 26, 2025 with two years of complimentary credit monitoring via myTrueIdentity.