Cybercriminals Target TransUnion, Farmers Insurance & Medical Providers in Massive Breaches

Data breaches aren’t slowing down — and the latest numbers are proof. In just the past month, millions of sensitive records have been exposed through major breaches at companies like TransUnion, Farmers Insurance, and multiple health care providers. From financial giants to medical groups, no industry is off-limits when it comes to cybercriminals seeking valuable personal information. The ripple effect of these breaches can be devastating, leaving individuals vulnerable to identity theft, fraud, and long-term financial harm.

In this post, we’ll break down the details behind each of these incidents — what was exposed, who was affected, and why it matters — so you can better understand the risks and stay protected.

TransUnion

Organization Description: TransUnion is a global information and insights company and one of the largest of three U.S. credit reporting agencies.

Breach Size: 4.4 million records

Data Exposed: TransUnion’s recent breach exposed over 4.4 million records including Social Security numbers, credit details, and personal identifiers. The breach stemmed from unauthorized access to a third-party application (Salesforce) tied to TransUnion’s consumer support operations. TransUnion states that its core credit reporting database and credit reports themselves were not breached.

Healthcare Services Group, Inc.

Organization Description: Healthcare Services Group, Inc. (HCSG) provides management, housekeeping, laundry, dietary, and facility maintenance services to health care facilities.

Breach Size: 624,000 people

Data Exposed: Healthcare Services Group detected that an unauthorized actor had accessed and copied files from its network. The exposed data may include full names, Social Security numbers, driver’s license or state ID numbers, financial account info, and login credentials.

Farmers Insurance

Organization Description: Farmers Insurance is an American insurance group that offers property, casualty, and financial services.

Breach Size: 1.1+ million people

Data Exposed: After an unauthorized actor accessed the Farmers Insurance database in a widespread Salesforce attack, the information of over 1 million customers was exposed. Impacted data includes names, addresses, dates of birth, driver’s license numbers, and in some cases, the last four digits of Social Security numbers.

Absolute Dental Group, LLC

Organization Description: Absolute Dental Group provides administrative and management support for numerous dental practices across Nevada.

Breach Size: 1.2+ million people

Data Exposed: Absolute Dental reported that a cyberattack led to unauthorized access of personal and protected health information. The exposed data included names, contact details, Social Security numbers, driver’s license or state IDs, financial information, and in some cases, medical histories and insurance details.

Vital Imaging Medical Diagnostic Centers

Organization Description: Vital Imaging Medical Diagnostic Centers is a provider of medical imaging and diagnostic services with multiple centers in the Miami area.

Breach Size: 260,000 people

Data Exposed: Vital Imaging Medical Diagnostic Centers disclosed that unauthorized access to its network resulted in the compromise of patients’ sensitive medical, insurance, and demographic information.

Ohio Medical Alliance

Organization Description: Ohio Medical Alliance, which operates under the brand name Ohio Marijuana Card, is a provider of medical marijuana card services.

Breach Size: 1 million patient records

Data Exposed: The recent Ohio Medical Alliance data breach exposed extremely sensitive personal and medical information, including Social Security numbers, mental health evaluations, physician reports, and government-issued IDs. Related documents also leaked images of driver’s licenses, application histories, and internal communications listing appointment details and email addresses.

Hacking & Phishing News 

Supply Chain Attack

A supply chain attack happens when hackers exploit a vendor, third-party service, or software provider that a company relies on, rather than going after a company directly. By breaking into this often-weaker link, cybercriminals can piggyback their way into much larger targets.

For example, in the TransUnion breach, attackers didn’t directly penetrate TransUnion’s core credit reporting systems. Instead, they compromised a Salesforce-linked third-party application used in TransUnion’s U.S. consumer support operations. Since this app was integrated with TransUnion’s environment, gaining access to it gave hackers a backdoor into sensitive customer records.

Keylogger

A keylogger is a type of malicious software or device designed to secretly record every keystroke a person makes on their keyboard. Cybercriminals use keyloggers to capture sensitive information such as usernames, passwords, credit card numbers, and private messages — often without the victim ever realizing it. For example, if a keylogger is installed on a computer, it could silently track someone typing in their online banking credentials and send that data back to the attacker.

Data breaches show just how easily cybercriminals can gain access to your sensitive information — from Social Security numbers and financial data to medical histories and personal identifiers. The consequences are real: identity theft, financial loss, fraudulent accounts, and long-term damage to your credit and reputation.

With IDSeal, you don’t have to face these threats alone. Our identity protection monitors your personal information 24/7, alerts you to suspicious activity, and provides full restoration support if your data is ever compromised. By staying proactive with IDSeal, you can reduce the risk of fraud and regain peace of mind, even in a world where data breaches are becoming all too common.

For the latest updates on data breaches and cybersecurity threats as they happen, stay connected with us on social media. Don’t wait to become a victim — start protecting your identity now!