TransUnion has confirmed it has been the victim of a breach, with the data of more than 4.4 million customers now at risk.

On July 28, TransUnion was the subject of a major credit breach. One of the biggest credit reporting agencies in the United States, TransUnion confirmed that there was an incident on Thursday, in filings to the Maine and Texas attorney general's offices.

The breach was a major one that apparently involved an attacker accessing a third-party application. TechCrunch reports it was an application that stored the personal data of customers in its U.S. consumer support arm.

Few actual details about the leak have been revealed so far, with the incident disclosures revealing the extent of the breach affects more than 4.4 million of TransUnion's customers. Currently, TransUnion stores the financial details of more than 260 million people in the United States.

The types of data seized during the breach include personal information, including names, dates of birth, and Social Security numbers. However, TransUnion adds that "no credit information was accessed."

Aside from the state filings, TransUnion has started to send notification letters to consumers. The letters, shown to Money, explain about it affecting a third-party application, and that it takes seriously "the responsibility to help secure consumer information."

Affected customers are being offered two years of free credit monitoring services from Cyberscout.

It is also unknown who is behind the breach, but it is the latest in a number of major incidents. Attacks have taken place against many organizations throughout the summer, including Google, Allianz Life, Qantas, and Microsoft SharePoint servers.

How Apple users can protect themselves

Based on the limited information provided in the disclosures, it seems that the breach is limited in terms of what information was gleamed. However, it is enough for malicious attackers to cause problems.

Combining the data with information from other breaches, attackers could easily send out phishing emails to affected users. It may also provide enough information to impersonate the target for other means, such as to gain access to various online services.

For the moment, the advice is to have good digital hygiene. This includes being vigilant about the content and sources of messages being received, not clicking on suspicious links, and keeping tabs on subscriptions and service usage.

Using credit monitoring services would also be advisable in this instance, especially considering the target of the breach.