"TransUnion has notified the Maine Attorney General's Office that 4,461,511 people were affected by an incident on July 28, 2025 that involved an unnamed third-party application. TransUnion's submission to Maine also revealed that the breach was discovered on July 30, 2025. A copy of their notification letter to consumers, provided to Maine, is skimpy on details. Not only does it not tell those affected when the breach occurred,"
"The letter does inform recipients what specifc data elements of theirs were involved, while reassuing them that "The information was limited to specific data elements and did not include credit reports or core credit information." TransUnion's letter or notification to Maine does not provide any sense of what consumers or subgroup of U.S. consumers were affected, but the letter indicates that the data was stored on a "third-party application serving our U.S. consumer support operations,""
TransUnion notified the Maine Attorney General's Office that 4,461,511 people were affected by an incident on July 28, 2025 involving an unnamed third-party application. The breach was discovered on July 30, 2025. The consumer notification provided to Maine lacked details about when consumers were notified, the identity of the third-party application, and whether any ransom demand or threat occurred. The letter identified specific affected data elements and stated that the information did not include credit reports or core credit information. TransUnion offered 24 months of credit monitoring and proactive fraud assistance to affected individuals. DataBreaches queried links to Salesforce/Salesloft Drift and extortion; responses are pending.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]