In the wake of a major data breach that exposed the personal information of approximately 4.4 million individuals, credit reporting agency TransUnion is now facing a second class action lawsuit alleging failures in data security and protection.

The Breach: What Happened

The incident stemmed from unauthorized access to a third-party application linked to TransUnion’s systems. Hackers exploited this access point, allowing them to retrieve sensitive personally identifiable information (PII), including names, dates of birth, Social Security numbers, and contact data for millions of affected individuals. TransUnion disclosed the incident and subsequent notifications following its discovery in late July 2025.

Although TransUnion indicated that core credit reports and credit file databases were not accessed, the exposed PII still poses substantial risks for identity theft and fraud given how long such data can be misused.

First Class Action

Shortly after the breach was disclosed, a class action complaint was filed alleging that TransUnion failed to implement adequate cybersecurity measures to protect consumer data. That lawsuit asserts that TransUnion’s security practices were insufficient given the volume and sensitivity of data it stores.

Second Class Action Filed

A separate, second class action lawsuit has now been filed, amplifying legal pressure on TransUnion. The new complaint claims that TransUnion’s reliance on third-party systems and its broader cybersecurity posture were negligent and that the company failed to exercise reasonable care in safeguarding sensitive information.

The latest suit asserts multiple causes of action, including negligence, breach of implied contract, and unjust enrichment, and seeks both injunctive relief and monetary damages for all class members whose information was compromised.

Legal and Practical Implications

Multiple class actions over a single breach can:

• Increase scrutiny of a company’s cybersecurity practices
• Lead to consolidated litigation or settlement negotiations
• Potentially result in compensation for affected individuals if the courts find in favor of the plaintiffs

These developments also highlight the growing legal challenges companies face after large-scale data breaches, especially when sensitive personal data is involved.