SecurityJuly 6, 20269 min read

What to Do After the TransUnion Data Breach

PT

By PrivacyOn Team

Privacy Research & Removal Operations

What to Do After the TransUnion Data Breach

Worried you're exposed? Find out in 60 seconds with a free exposure scan.

The TransUnion data breach exposed the personal information of 4.4 million U.S. consumers after attackers stole data through a compromised third-party Salesforce application. If you have ever contacted TransUnion consumer support, your name, date of birth, Social Security number, address, phone number, and email may have been stolen. Here is exactly what to do next.

What Happened

TransUnion, one of the three major U.S. credit bureaus, disclosed the breach in filings and consumer notifications in August 2025 and expanded the notification pool through 2026 as investigators mapped the full scope of the theft. According to TransUnion and threat intelligence firm Mandiant, attackers gained access to a third-party Salesforce application used by TransUnion's consumer support operations between late July 2025 and early August 2025. The incident is now part of a much larger campaign the security community calls the Salesloft Drift wave, in which the UNC6395 and ShinyHunters threat actors stole data from more than 700 organizations by abusing OAuth tokens issued to the Salesloft Drift chatbot integration for Salesforce.

TransUnion has confirmed that 4.4 million U.S. consumers are impacted. Threat actors have publicly claimed the underlying theft covers roughly 13 million records globally.

Your credit report itself was not accessed

TransUnion has emphasized that its core credit database, credit files, and credit reports remain secure. The stolen data came from a customer support system, not from the credit reporting infrastructure. That said, the stolen fields are more than enough to enable identity theft even without direct access to a credit file.

What Data Was Stolen

According to TransUnion's consumer notifications, the exposed fields include:

  • Full name
  • Date of birth
  • Social Security number
  • Billing address
  • Email address
  • Phone number
  • Customer support ticket details and correspondence with TransUnion agents

The combination of Social Security number, date of birth, and address is the exact recipe criminals need to open fraudulent credit accounts, file fake tax returns, or take over your existing accounts. Treat this breach as if all four pieces of information are now in circulation on criminal markets.

Who Is Affected

You are likely in the affected group if any of the following are true:

  • You contacted TransUnion consumer support by phone, email, or web form between late 2023 and August 2025
  • You disputed a credit report item with TransUnion during that window
  • You filed a fraud alert or identity theft claim through TransUnion
  • You received a notification letter from TransUnion or a credit monitoring signup code with the reference to the July 2025 incident

TransUnion is providing 24 months of free credit monitoring and identity theft protection to notified individuals. Enroll in that offer if you are eligible, but do not treat it as a complete defense.

Step 1: Freeze Your Credit at All Three Bureaus

The single most effective action after any SSN exposure is a credit freeze. A freeze blocks lenders from pulling your credit file to approve new accounts, which shuts down the most damaging form of identity theft.

File a freeze at each of the three bureaus separately. It is free and does not affect your credit score:

  • Equifax: equifax.com/personal/credit-report-services
  • Experian: experian.com/freeze
  • TransUnion: transunion.com/credit-freeze

Also freeze your file with the two lesser-known bureaus criminals often exploit: Innovis (innovis.com/personalInformation/securityFreeze) and NCTUE (nctue.com/consumers), which many mobile carriers and utilities check instead of the big three.

Step 2: Enroll in the Free Credit Monitoring, Then Layer More

Accept TransUnion's 24-month monitoring offer if you receive a code, but treat it as one layer, not a full solution. Since the compromised data will still be valuable years from now, layer in your own long-term monitoring:

  • Turn on free breach alerts at haveibeenpwned.com
  • Enable Social Security number alerts through a dark web monitoring service
  • Set up your free annual credit reports at annualcreditreport.com and check every four months rotating between bureaus

Is your data already out there?

Leaked data ends up on broker sites and in scammers' hands. Run a free 60-second scan to see your exposure — then let us remove it.

Run a free scan

★★★★★ 4.8/5 · Trusted by thousands of families

Step 3: File an IRS Identity Protection PIN

Criminals use stolen SSNs to file fraudulent tax returns and steal refunds. Get an IRS Identity Protection PIN (IP PIN) to prevent this. Request one at irs.gov/ippin. Once enabled, no tax return can be filed under your SSN without the six-digit PIN, which changes every year.

Step 4: Watch for Targeted Phishing and Vishing

The stolen data includes your customer support ticket text with TransUnion. That is dangerous because it lets attackers reference real details from your history to make phishing emails and phone calls sound legitimate.

Red flags to watch for

Any inbound call, text, or email that references your TransUnion dispute, credit inquiry, or account details is suspicious. Legitimate TransUnion communications will never ask you to confirm your SSN, verify a password, or move money. Hang up and call TransUnion back at the number on the back of your credit card or on transunion.com.

Step 5: Remove Your Data From People-Search Sites

Attackers combine breach data with public data broker records to build complete identity profiles. Sites like Spokeo, BeenVerified, and Whitepages sell your address history, phone numbers, and relatives to anyone with a credit card. Removing your data from these sites raises the cost of putting your full profile together and reduces the chance of successful phishing.

PrivacyOn continuously removes your information from 100+ data brokers and monitors for re-listing so your details do not silently reappear after cleanup.

Step 6: Report Fraud If It Happens

If you spot fraudulent activity linked to the breach, file reports with:

  • The FTC at identitytheft.gov (this generates a recovery plan and legal affidavit)
  • Your local police for a report you can send to creditors and banks
  • The Social Security Administration at ssa.gov if your SSN is used to file for benefits

Frequently Asked Questions

How do I know if I am one of the 4.4 million TransUnion breach victims?

TransUnion is mailing written notifications to affected individuals and providing a claim code for the free credit monitoring. If you have contacted TransUnion consumer support at any point between late 2023 and August 2025, assume you may be affected even before the letter arrives. You can also check haveibeenpwned.com by email address.

Was my TransUnion credit report or credit score exposed?

No. TransUnion says the stolen data came from a third-party Salesforce application used for customer support, not from the credit database. Your credit file, credit score, and detailed credit history were not accessed in this breach.

Is the free 24-month TransUnion monitoring enough protection?

It is a good start but not enough on its own. Stolen SSNs stay valuable for years, well beyond 24 months. Layer the free monitoring with a permanent credit freeze at all three bureaus, an IRS Identity Protection PIN, and ongoing dark web and data broker monitoring for the long haul.

Can I sue TransUnion over the breach?

Multiple class action lawsuits have been filed in U.S. federal court over the incident. Affected consumers can potentially join these actions. Check with a consumer protection attorney or watch the notification letter for opt-in details. Joining a class action does not usually affect your ability to also use the free monitoring.

Should I close my TransUnion account?

You cannot close a TransUnion credit file because credit bureaus collect data on you regardless of whether you interact with them. What you can do is freeze your file, opt out of prescreened credit offers at optoutprescreen.com, and remove yourself from TransUnion's separate marketing lists. See our TransUnion opt-out guide.

Protect Yourself Long-Term With PrivacyOn

The TransUnion breach is part of a wider wave of Salesforce-connected data theft that shows no sign of slowing. With your Social Security number, name, and address now circulating on criminal markets, ongoing protection matters far more than any single sign-up. PrivacyOn continuously removes your personal information from 100+ data brokers, monitors the dark web for your exposed details, and covers up to 5 family members on a single plan starting at just $8.33 per month. Do not wait for the next breach to act.

PT
PrivacyOn Team

Privacy Research & Removal Operations

Operates removal across 100+ data broker sitesGuides verified against live opt-out processesContent reviewed and updated continuously

The team that operates PrivacyOn's data-removal service — publishing opt-out guides and privacy research based on handling real removal requests every day.

Find out what's already exposed

A free 60-second scan shows your breaches and broker exposure. PrivacyOn removes it and monitors 24/7 so it stays gone.

★★★★★ 4.8/5 · Trusted by thousands of families