TransUnion recently disclosed that a breach involving an unknown third party has exposed the personal information of more than 4 million individuals.

The company mentioned in a letter to Maine’s attorney general that it experienced a cyber incident affecting its US customer support operations through a third-party application. TransUnion stated quickly contained the issue, asserting that the breach did not impact its core credit database or credit reports; however, no evidence supporting this claim was provided.

Further Details of the Breach

Maine’s laws require notifications for certain types of breaches impacting residents, though the name of the third party involved remains undisclosed. This situation mirrors a broader trend where US corporations have faced data breaches due to employees accidentally exposing their companies’ Salesforce databases.

In another incident, TransUnion revealed that customer names, dates of birth, and Social Security numbers were among the stolen data, as reported in a separate filing with Texas’s attorney general’s office.

The breach also echoes similar incidents this year involving other tech giants such as Google, Allianz Life, Cisco, and Workday. Following these hacks, Google accused an extortion group known as ShinyHunters for causing the breaches.

Uncertainty surrounds whether hackers made any demands or identified themselves in connection with the breach, despite TransUnion being a major player in the US market, holding financial data for over 260 million Americans. This incident follows a series of cyberattacks targeting insurance, retail, and transportation sectors.