A JDSupra piece about a breach at big 3 credit bureau TransUnion doesn't add much context about the size and scope of the incident. https://www.jdsupra.com/legalnews/transunion-llc-confirms-recent-data-6828319/ I reached out to TU and they said their systems were not compromised. Rather, that these were consumer impersonation attempts that used information obtained from non-TransUnion sources. "These fraudsters already possessed all of the necessary information from non-TransUnion sources to access consumer accounts." TU also said the Massachusetts AG notification went to 14 people.