TransUnion, one of the major US credit reporting agencies, disclosed a data breach that took place in July 2025, impacting 4.4 million customers.  The data breach involved a third-party application that stored personal customer data and served its US consumer support operations. It did not include its core credit database or credit reports. Although the data breach was contained within hours, threat actors may have stolen personal information, including at least names, Social Security numbers, and birthdates. TransUnion is sending notifications to affected individuals. The NJCCIC recommends that affected individuals review the Compromised PII and Identity Theft NJCCIC Informational Report.