Transunion 2025 Data Breach

TransUnion Credit Bureau Breach (Salesforce, 2025): 13 Million Customer Records Including SSN & Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersFinancialEmail AddressFull NamePhone NumberPhysical AddressSocial Security Number
Low SeverityWebsite / service breach

TransUnion Credit Bureau Breach (Salesforce, 2025): 13 Million Customer Records Including SSN & Home Address Exposed

Credit reporting and information services company.

Verified by ObscureIQ Intelligence
0/100Breach Risk Index
33Data Value

Breach Intelligence Summary

Entity: Transunion · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Credit reporting and financial data analytics · Data aggregation and scoring services · Global
Timeline: Breach (2025-10-10) · Year (2025)
Exposure: 13.1M records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

TransUnion, one of the three major U.S. consumer credit reporting bureaus, was listed among approximately 39 organizations targeted by a group calling itself "Scattered LAPSUS$ Hunters" in October 2025. The attackers accessed data through a supply chain pathway linked to Salesforce, which attributed the campaign to customer-side integration vulnerabilities rather than a compromise of its core platform. On October 3, 2025, the group published a sample of the stolen database, with the full dataset of 13.1 million records reportedly scheduled for release on October 10, 2025. The exposed data includes full names, email addresses, phone numbers, home addresses, and Social Security numbers, though SSNs appear in roughly 1% of sampled records. The breach also exposed customer account details, support chat transcripts, IP addresses, and authentication status flags. Because TransUnion operates at the center of the U.S. credit and identity verification system, this combination of data is particularly dangerous. Criminals can use it to open fraudulent accounts, bypass identity checks, and cause lasting damage to victims' credit profiles. TransUnion has not issued detailed public statements about the specific scope of its exposure in this campaign. No regulatory actions or formal notifications have been publicly confirmed as of the time of this report. Affected individuals face a severe and persistent risk of identity theft and financial fraud. Anyone who believes they may be affected should consider placing a credit freeze with all three major bureaus, monitoring their credit reports closely, and watching for signs of account takeover or unauthorized financial activity.

ObscureIQ assessment: Severe risk similar to Experian. Enables identity theft, fraud, and long-term financial exploitation. Data persistence and widespread use across institutions amplify downstream harm.

Breach Impact

TransUnion was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025. The exposed records included names, email addresses, phone numbers, home addresses, and Social Security numbers — a particularly sensitive combination given TransUnion's identity as a credit bureau whose data sits at the center of identity theft risk frameworks. The irony of a credit bureau being listed in a mass identity data exposure was noted widely in security reporting. TransUnion has not made detailed public statements about the specific scope of its exposure in this campaign. Salesforce attributed the campaign to customer-side integration vulnerabilities rather than a core platform compromise.

About Transunion

TransUnion is one of the three major U.S. consumer credit reporting bureaus, collecting and maintaining credit histories on hundreds of millions of individuals globally. The company is publicly traded on the NYSE and headquartered in Chicago. Beyond credit reporting, it provides fraud detection, identity verification, marketing analytics, and risk management services to financial institutions, insurers, and employers in more than 30 countries.

Why They Hold Your Data

Credit reporting agencies aggregate identity, credit, financial, and behavioral data across individuals, including credit scores, account histories, addresses, and employment-related information.

Recent Developments

TransUnion has continued expanding its international data and analytics footprint, with particular focus on financial services risk products and identity verification. The company has been investing in AI-driven fraud detection capabilities. It has also faced scrutiny from consumer advocates over data accuracy and access practices under the Fair Credit Reporting Act. The 2025 Salesforce campaign was the most significant data security event of the period.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Transunion breach?

TransUnion, one of the three major U.S. consumer credit reporting bureaus, was listed among approximately 39 organizations targeted by a group calling itself "Scattered LAPSUS$ Hunters" in October 2025. The attackers accessed data through a supply chain pathway linked to Salesforce, which…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation