TransUnion, one of the prominent consumer credit reporting agencies in the U.S., has reported a significant data breach, compromising personal information of over 4.4 million individuals. This breach occurred while the company was entangled in a larger incident affecting Salesforce, the well-known customer relationship management platform, which shares credit data across a network of 65,000 organizations.

Incident Overview at TransUnion

As detailed in a breach notification filed with the Maine Attorney General, a “cyber incident related to a third-party application” occurred on July 28, enabling attackers to gain unauthorized access to certain personal data of U.S. consumers. A letter issued to affected individuals clarifies that while credit reports and vital credit details were not compromised, the specifics of what information is at risk remain undisclosed. The breach came to light on July 30.

Reports from BleepingComputer link this incident to a series of attacks executed by the ShinyHunters hacking group targeting Salesforce. Notable companies affected by these linked attacks include Google, Workday, Allianz Life, and well-known retailers such as Adidas and LVMH.

Actions for Affected TransUnion Customers

Starting August 26, TransUnion has been reaching out to affected consumers, so it’s essential to keep an eye out for correspondence from the company. Those whose information has been compromised can take advantage of two years of complimentary credit monitoring through My TrueIdentity, a TransUnion affiliate, which offers identity protection, resolution services, and up to $1 million in identity theft insurance.

To enroll, visit the My TrueIdentity website. You’ll need the unique activation code provided in your notification letter, as well as your email address and some personal information for verification. Note that this offer is only valid for a period of 90 days following the notification date.

For additional security, consumers are advised to freeze their credit with the three main credit bureaus: Equifax, Experian, and TransUnion. This precaution helps thwart potential fraudsters from opening accounts in your name. If there’s a belief that your Social Security number might be compromised, a fraud alert can be set up at one bureau, which will notify the other two. Additional measures to safeguard your identity should be taken, such as closely monitoring all financial accounts and promptly reporting suspicious activities.

For any inquiries regarding the breach, TransUnion can be contacted at 800-516-4700 from 8 a.m. to 8 p.m. ET, Monday through Friday.