TransUnion Says Hackers Stole 4.4 Million Customers' Personal Information (techcrunch.com)
- Reference: 0178918294
- News link: https://it.slashdot.org/story/25/08/28/1758241/transunion-says-hackers-stole-44-million-customers-personal-information
- Source link: https://techcrunch.com/2025/08/28/transunion-says-hackers-stole-4-4-million-customers-personal-information/
> Credit reporting giant TransUnion has [1]disclosed a data breach affecting more than 4.4 million customers' personal information . In [2]a filing with Maine's attorney general's office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers' personal data for its U.S. consumer support operations.
>
> TransUnion claimed "no credit information was accessed," but provided no immediate evidence for its claim. The data breach notice did not specify what specific types of personal data were stolen. In a [3]separate data breach disclosure filed later on Thursday with Texas' attorney general's office, TransUnion confirmed that the stolen personal information includes customers' names, dates of birth, and Social Security numbers. [...] It's not clear who is behind the breach at TransUnion, or if the hackers made any demands to the company.
[1] https://techcrunch.com/2025/08/28/transunion-says-hackers-stole-4-4-million-customers-personal-information/
[2] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/3dcd9b7c-bce3-4685-bffd-f728ce96e2fd.html?7194ef805fa2d04b0f7e8c9521f97343
[3] https://www.documentcloud.org/documents/26078139-transunion-breach-texas/
People are idiots (Score:3)
Protect data... but not a big deal since every Americans info has been stolen several times from several companies because they are idiots.
We need a building code (Score:3)
The safety of a normal building is ensured in part because we require by law that it follow a building code, and that it be inspected, with fines if they don't fix it. Otherwise buildings would be built cheaply and shitty and falling down on us all the time.
We need a building code for the technology that critical companies (like the credit bureaus) use. Otherwise they will just keep having shit security and we will all be hacked constantly forever.
Re: (Score:2)
Yep. And once upon a time, before building codes, buildings used to be built that way. Building codes took centuries (millennia!) to develop. It was not immediately obvious what needed to go into them, and the politics of the whole matter complicated things further. Computer system codes will likely take the same, at least, since computer systems are not as simple as buildings.
Re: (Score:2)
isn't that basically what PCI, HIPAA and such were supposed to be?
Re: (Score:2)
Buildings are all generally the same and are built according to plans that are formalized in advance. Every piece of software is unique and evolves.
Builder: How many floors do you want in your building?
Customer: We're not really sure. Start with two, and we'll see how many more we need after we start moving in.
Years later, a 50 story building collapses because it's made of wood.
Re: (Score:2)
Building codes exist for two reasons:
insurance companies got tired of the expense of covering death traps.
those buying a house don't want to buy a death trap - or more specifically the banks making the big loans to buy a house didn't want to be stuck losing everything when that death trap falls apart or goes up in flames killing the 'owner' leaving the bank with nothing but land with a junk pile.
Sure, codes indirectly protect your life - but make no mistake they exist primarily so that your debt ca
Re: We need a building code (Score:2)
You don't need codes. You need liability and insurance.
Say - for example - a builder wants build a 4 bedroom $1M house. They might have to attach a bond to that build before sale that would cover $1M for the house replacement, $250k for restoration/cleanup of the property in case of total loss, $1M for each bedroom in life insurance, and $250k for property inside, totalling a $5.5M insurance policy on the build.
That bond would stay with the house for 30 years, after which the bond and any interest accrued g
Lack of information.... (Score:2)
I'm a fan of liability.
The media industry had a fine law passed ( [1]https://www.law.cornell.edu/uscode/text/17/504 [cornell.edu] that set minimum statutory damages at $750 to $30,000 per copyright violation. It could, of course, be more.
I think that the same law should be written for personal information - statutory damages of $1000 to $10,000 per event, set by the type of personal information leaked. You leak my name and email address? You pay me $1000. You leak my name, credit card numbers and CVNs, you pay me $5000.
[1] https://www.law.cornell.edu/uscode/text/17/504
We Have No Choice (Score:1)
It's not like anyone chooses Transunion, or Equifax. They have your stuff whether you like it or not. They are massive targets for state-sponsored hacks and they just don't seem to know how to keep what is literally the most important and sensitive data about you safe. But what are you gonna do? Switch to some other agency?
MAGAs: (Score:1)
"See, toldja ya can't trust those trans-genders!"
Re: (Score:2)
> MAGAs
Found one! Do us all a favor and fuck off already?
Re: (Score:1)
You MAGAs bully and belittle them and then act surprised when they snap.
Re: (Score:1)
Maybe they were bullied when younger and thus associated their problems with youth. Snapped people don't act rationally by definition.
Re: (Score:1)
It gives HateJelicals a talking point for their simple-minded echo chambers.
Oh, the irony ... (Score:4, Informative)
TransUnion sells identity protection services that monitor for exposure of exactly the same kinds of data (name, DOB, SSN) that were themselves stolen in the breach. In other words:
What they promise to watch for unauthorized exposure of your personal identifiers.
What hackers actually took from them those same identifiers.
That’s a bit like a lock company being robbed of its own keys.
It highlights a fundamental problem: once those “static” identifiers (SSN, DOB, etc.) are stolen, they can’t really be changed. Unlike a password, you can’t just “reset” your Social Security number.
That’s why breaches at credit bureaus are particularly concerning — they’re custodians of the most sensitive personal data, and when they get breached, the damage is both widespread and long-lasting.
This is just dreadful! (Score:2)
This seems like the least of our problems when the difference between this incident and TransUnion's entire business model is that they didn't get paid to provide the records this time.
Alternate title: (Score:3)
> TransUnion Says Hackers Stole 4.4 Million Customers' Personal Information
"Privacy Rapists That Deal in Customers' Personal Information Leak 4.4 Million Customers' Personal Information"
There FTFY.
Ugh (Score:2)
Life was better for everyone before credit scores were a thing.
Customers (Score:3)
Are these "customers" people who voluntarily gave their info to transunion or people who became "customers" by some other route ?
Re: Customers (Score:1)
Why does this stuff even matter anymore? Everyone's information is out there already, especially after the credit company hack (Equifax as I recall). A new breakin is mostly retrieving information that is already out there.
Re: (Score:3)
> Why does this stuff even matter anymore? Everyone's information is out there already, especially after the credit company hack (Equifax as I recall).
Because not everyone who has credit today had credit back then. It's important to fix this recurring problem today for the benefit of future generations. "A society grows great when old men plant trees whose shade they know they shall never sit in." (Greek proverb)
Re: (Score:2)
> Are these "customers" people who voluntarily gave their info to transunion or people who became "customers" by some other route ?
I get that 99.999999% are not [1]"customers" of theirs [slashdot.org] at all - purely victims of their monopoly power.
[1] https://slashdot.org/comments.pl?sid=23424808&cid=64712938
*bet, not 'get' (Score:2)
I bet, not 'get'
Re: (Score:2)
> I get that 99.999999% are not [1]"customers" of theirs [slashdot.org] at all - purely victims of their monopoly power.
Monopoly? There's also Equifax and Experian. If anything, credit bureaus make the lending industry more competitive by centralizing the risk management aspect at in independent third party. Without them, you'd end up with a cartel of banks that shared risk information between members and any new competition would be locked out.
[1] https://slashdot.org/comments.pl?sid=23424808&cid=64712938
Re: (Score:2)
> Monopoly? There's also Equifax and Experian.
LoL! Sweet, naive innocent child!
Re: (Score:2)
> LoL! Sweet, naive innocent child!
If it really bothers you, start a grassroots movement to have a law passed to require them to delete your data upon request. No credit is effectively just as bad as bad credit, so if that's what you really want, have at it.
Re: (Score:2)
> you in fact don't have any choice (or control) over which of those assholes gets your data.
Again, this could be entirely addressed with an opt-out law. If you want your history to be blank at the bureaus you'd rather not have an association with, they should allow that option. However, lenders would still be free to interpret that as "what is this person trying to hide?" and consider you a higher risk. And if you cleared all your data on all three, that'd be like marking your feedback as private on eBay. No lender would want to touch you.
Most people actually want good credit, because that mea
Re: (Score:2)
Okay, your wish has been hypothetically granted - you have a magic button that lets you delete all your information from the credit bureaus. Now, try getting a loan or line of credit and see what happens.
Re: Customers (Score:2)
Can't get a loan? That's a positive for most people. Most people should never have taken the loans they have and getting cut off is the best thing for them.
Re: Customers (Score:2)
If the whole dataset is 4.4M, that suggests it's more direct customers, rather than third party reporting. I'm guessing TransUnion has third party data on most Americans who have ever used credit, so that would be way more than 4.4M.
It's probably closer to the number of people who sign up for credit reports.