Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from it's Salesforce account.
TransUnion is one of the three major credit bureaus in the United States, alongside Equifax and Experian. It operates in 30 countries, employs 13,000 staff, and has an annual revenue of $3 billion.
TransUnion suffers data breach impacting over 4.4 million people
Update: Story updated with confirmation that this was another Salesforce data theft attack and the types of data stolen.
A wave of Salesforce data theft attacks has impacted numerous companies this year, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas.
These attacks have been conducted by the Shiny Hunters extortion group, and more recently, by a cluster tracked as UNC6395.
After publishing this story, BleepingComputer confirmed with two sources, including ShinyHunters, that TransUnion's data breach is linked to these Salesforce attacks.
The threat actor claims that the stolen data consists of over 13 million records, with 4.4 million records related to people in the US.
- A sample of the stolen data shared with BleepingComputer contains quite a lot of sensitive personal information, including names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security Numbers of TransUnion customers.
The data also includes the reason for the customer transaction, such as a request for a free credit report.
- In addition to customer data, the threat actors also claim to have stolen customer support tickets and messages that were stored in Salesforce.
BleepingComputer contacted TransUnion with further questions about this breach, and we will update this article if we receive a response.
Two years ago, a threat actor claimed a data breach at TransUnion, which the company rejected, saying that the data had been stolen from a third party.
In previous years, the company's South African and Canadian branches suffered cybersecurity breaches that exposed customer information.
Update 8/28/26 2:13 PM ET: Added information about the types of data stolen from TransUnion's Salesforce instance.
Anthropic is testing GPT Codex-like Claude Code web app
Anthropic is planning to bring the famous Claude Code to the web, and it might be similar to ChatGPT Codex, but you'll need GitHub to get started.
For those unaware, Claude Code, which works with paid plans, is an AI-powered coding assistant that runs inside your terminal. It is primarily designed for developers, and it can understand the entire codebase of your app.
Source: BleepingComputer
With Claude Code, you can fix bugs, test new features, simplify Git operations, and automate your complex coding tasks.
As I mentioned, it requires you to set up a repository, which means you'll need to install the GitHub Claude app on your repository and then commit the "Claude Dispatch" GitHub workflow file.
- You can enable email and web notifications for Claude Code updates.
- It's not clear if Claude Code in the terminal or web can access the content written in either of the places.
Picus Blue Report 2025 is Here: 2X increase in password cracking
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data.
- September 01, 2025
- 11:35 AM
New Whitepaper: The Evolution of Phishing Attacks 
Modern phishing has changed a lot in the past decade or so. The most sophisticated attacks — the ones that usually hit the headlines in the form of major breaches — come with a host of anti-analysis and obfuscation techniques making them increasingly difficult to detect.
Get the whitepaper to learn about modern phishing detection evasion techniques and how to counteract them.
This thin new bluetooth item tracker deal is great for wallets and ID badges
It's easy to misplace small items like your wallet or ID badge and finding them can turn into a huge hassle. The KeySmart SmartCard Lite is a slim trackers work just like AirTags, but they'll go where AirTags won't. It's also only $64.99 (reg. $99.96) for a four-pack.
- September 01, 2025
- 08:12 AM
Brokewell Android malware delivered through fake TradingView ads
Cybercriminals are abusing Meta's advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android.
- August 31, 2025
- 02:35 PM
2
OpenAI releases big upgrade for ChatGPT Codex for agentic coding
OpenAI has announced a big update for Codex, which is the company's agentic coding tool.
- August 31, 2025
- 01:00 PM
Zscaler data breach exposes customer info after Salesloft Drift compromise
Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases.
- September 01, 2025
- 01:00 PM
-
ChatGPT can now create flashcards quiz on any topic
If you use ChatGPT to learn new topics, you might want to try its new flashcard-based quiz feature, which can help you evaluate your progress.
- August 31, 2025
- 08:30 AM
-
Train for CISSP certification with this $30 bundle deal covering all domains
If you've been thinking about breaking into cybersecurity or leveling up in your current role to earn one of those six-figure salaries, our 8-course CISSP Security & Risk Management Training Bundle covering all domains could be your entry point. For a limited time, you can get lifetime access for $29.97 (MSRP $424).
- August 31, 2025
- 08:12 AM
-
OpenAI is testing "Thinking effort" for ChatGPT
OpenAI is working on a new feature called the Thinking effort picker for ChatGPT.
- August 31, 2025
- 07:26 AM
-
TamperedChef infostealer delivered through fraudulent PDF Editor
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef.
Ionut Ilascu- August 30, 2025
- 12:22 PM
-
Compare 40+ AI models side by side in one platform in this deal
ChatPlayground AI puts more than 40 of today's leading AI models — including GPT-4o, Claude Sonnet 4, Gemini 1.5 Flash, DeepSeek V3, Perplexity, and more — in one streamlined interface built specifically for fast, head-to-head comparisons. Get a lifetime subscription to the Basic Plan for $39.99.
- August 30, 2025
- 08:09 AM
-
Windows 11 KB5064081 update clears up CPU usage metrics in Task Manager
Microsoft has released the KB5064081 preview cumulative update for Windows 11 24H2, which includes thirty-six new features or changes, with many gradually rolling out. These updates include new Recall features and a new way of displaying CPU usage in Task Manager.
- August 29, 2025
- 02:57 PM
- 1
-
This Microsoft Security Copilot eBook is free for a limited time
Cyber threats are evolving fast, and with AI stepping into the field, staying ahead means mastering both defense and intelligence. Right now, you can grab "Microsoft Security Copilot: Master strategies for AI-driven cyber defense" - a $39.99 value - completely FREE for a limited time.
- August 29, 2025
- 02:07 PM
-
Microsoft fixes bug behind Windows certificate enrollment errors
Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates.
- August 29, 2025
- 02:02 PM
-
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks.
- August 29, 2025
- 12:31 PM
-
Microsoft to enforce MFA for Azure resource management in October
Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts.
- August 29, 2025
- 11:56 AM
-
Microsoft says recent Windows update didn't kill your SSD
Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs).
- August 29, 2025
- 10:21 AM
- 3
-
This 1TB cloud storage deal lasts for life with no recurring costs
Monthly cloud storage subscriptions become a worse deal the longer you use them. If you want a lasting alternative to platforms like Dropbox or iCloud, try Koofr. They just dropped the price for a 1TB plan, and it lasts for life with no recurring costs.
- August 29, 2025
- 09:15 AM
-
Google warns Salesloft breach impacted some Workspace accounts
Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google Workspace email accounts in addition to Salesforce data.
- August 28, 2025
- 06:09 PM
-
US targets North Korean IT worker army with new sanctions
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations.
- August 28, 2025
- 03:11 PM
No comments:
Post a Comment