The scale of the breach adds to growing concerns over the security of corporate databases as a series of major U.S. firms report being targeted by hackers. Image: Markus Spiske/Unsplash.

TransUnion, one of the largest credit reporting agencies in the United States, has confirmed that a data breach exposed the personal information of more than 4.4 million customers.

In a filing with the Maine attorney general's office on Thursday, the company attributed the incident to unauthorised access of a third-party application used in its U.S. consumer support operations. The breach occurred on July 28, 2025 and was discovered on July 30, as per court filings.

According to a recent report by Techcrunch, the company said that no credit information was taken but did not provide evidence to support the claim. The notice also did not specify the types of personal data accessed. 

According to the website of TransUnion, the agency stores the financial records of over 260 million Americans.

In recent weeks, companies including Google, Allianz Life, Cisco and Workday have disclosed breaches of customer data held in Salesforce-hosted cloud systems. Google has said those attacks were carried out by the hacking group ShinyHunters. It is not yet known who is behind the TransUnion breach, or whether any ransom demands have been made.