Skip to main content
SSN search not allowed

Data Security

The security and protection of consumer information is the highest priority for TransUnion.

Data Security

The security and protection of consumer information is the highest priority for TransUnion.

Our Security

Data security and stewardship is vital to consumer protection and enabling trust. At TransUnion, we continually invest in improvements to protect the data we hold on behalf of consumers and businesses.

To maintain a comprehensive information security program consistent to our size and complexity, we secure and protect the information entrusted to us by building, monitoring and defending security ecosystem  built on a foundation of compliance and accountability. We proactively manage our programs and continuously invest to secure the data we hold on behalf of consumers and businesses.

Our Strategy, Plans and Programs

The priorities of TransUnion’s information security program are:

  • Decrease targets for our adversaries while ensuring no asset is hidden from our security teams
  • Take a proactive security stance by searching for threats and risk inducing points in our enterprise
  • Lead the industry in defining security standards and grow consumer trust
  • Reduce our threat exposure by focusing where exploitation is more likely and consequential

Cyber threat and intelligence

Within our 24/7/365 Security Operations Center, TransUnion associates monitor our networks – including our connections with customers and partners – for any attempts to access our systems or data, and all potential events are tracked and classified by our Cyber Threat and Intelligence function. Our highly-skilled talent deploys industry-leading solutions to manage the vulnerability and threat environment, and all applications and networks undergo internal and external, third-party penetration tests annually or more, contingent on the threat environment.

Physical & Personal Security

Our security ecosystem includes the use of third parties, suppliers and vendors who are carefully selected to support our risk goals. Our Third-Party Risk Management program sets requirements and guidelines for third-party vendors, suppliers and partners, using an Enterprise Security Ratings Platform to gather terabytes of data from security sensors around the world, and providing insights concerning potential risks. Each third-party company receives a security rating based on the severity, frequency and duration of security incidents.

Third-Party Risk Management

Physical security is a crucial component of information security and worker safety. In our most sensitive sites, we employ stringent physical security controls limiting access to our facilities, including biometric and badge access, and security guards at external entry points. In addition, we employ automated mechanisms to recognize potential intrusions and initiate designated response actions. 

Information Security Compliance and Regulations

TransUnion is committed to aligning with industry-leading, cyber risk management best practices, and complying with all legal and regulatory requirements. Our information security program is fundamentally based on ISO\IEC 27001:2013; it includes a global-level Information Security Department that develops the company’s security policies, standards and procedures. This department centrally administers security on the major corporate platforms, and oversees the administration of other systems and platforms. Additionally, TransUnion maintains several information security certifications annually, including Payment Card Industry (PCI), SSAE 18 SOC II Type II and ISO 27001.

To maintain certifications and align with best practices, we conduct regular cybersecurity-related audits and assessments both internally and externally. Our internal and external independent security audits and assessments are conducted at least annually. Continuously and successfully completing these industry certifications demonstrates TransUnion’s commitment to security and adherence to industry expected benchmarks.

For more about information security, please read our 2024 Global Impact Report.

2024 Global Impact Report