Data leak

TransUnion Salesforce Platform Breach (44M+ Records)

📅 2025-07-01 🏢 Salesforce

Incident Details

In August 2025, TransUnion confirmed it had been affected by the ShinyHunters/Scattered Spider Salesforce social engineering campaign, with limited personal information exposed for an estimated 44 million or more individuals. TransUnion, as one of the US's three major credit bureaus, holds extensive consumer credit and financial records. The breach was part of a broader wave of ShinyHunters vishing attacks against enterprises using Salesforce, in which attackers impersonated IT support staff to obtain Salesforce administrator credentials. Other confirmed victims of the same campaign include Air France-KLM, Cisco, Pandora, Chanel, Stellantis, and Farmers Insurance.

Technical Details

Initial Attack Vector: ShinyHunters compromised TransUnion's Salesforce environment through social engineering / vishing of a Salesforce-privileged user, part of the broader 2025 Scattered Spider/ShinyHunters Salesforce campaign targeting major enterprises.

Vendor / Product: Salesforce

Timeline

  1. 2025-07-01 Breach occurred
  2. 2025-08-20 Publicly disclosed
  3. 2025-08-20 Customers notified