Overview

• A filing in Maine says attackers accessed a vendor application used for U.S. consumer support on July 28 and the activity was detected July 30, impacting 4,461,511 people including roughly 17,000 in Maine.
• TransUnion says the exposed information was limited in scope and did not include credit reports or its core credit database.
• The company is providing 24 months of free credit monitoring via myTrueIdentity and fraud assistance through Cyberscout.
• TransUnion has engaged law enforcement and independent forensic experts and has not identified the third-party application involved.
• Some outlets report a possible link to recent Salesforce‑focused data‑theft campaigns and potential exposure of Social Security numbers, which TransUnion has not confirmed.