TransUnion Study Shows Escalating Data Breaches and Fraud are Hurting Lenders and Households

This is in an era where online living permeates every facet of existence — from banking and shopping to dating and doctors’ visits — that keeping personal data private has never been more important. 

TransUnion‘s H1 2025 State of Omnichannel Fraud Report published some staggering statistics, pointing to just how quickly cyber risks are growing and diversifying.

As TransUnion’s Steve Yin put it concisely, “Fraud isn’t about hacking firewalls anymore — it’s about going after the human on the other side of the screen.”

U.S. data breach severity increased 34% from 2023 to 2024, the largest increase since the study began in 2020, the report states. Oddly, that came as the number of breaches fell 45%. In other words, there may be fewer breaches, but when they do happen, they’re hitting harder. 

A full 78% of these breaches exposed Social Security numbers, up from 51% last year. That’s not just inconvenient—that’s an invitation to identity theft, fraud, and years of financial repercussions.

It’s not your run-of-the-mill contact information either. We’re talking full identity kits: driver’s license numbers, insurance, and even biometric information sometimes. 

Yin, in an interview with BadCredit.org’s Adam West, explained, “They’re not just taking names anymore — they’re looking for full identities they can sell.” Once your data is on the dark web, it spreads, gets repackaged, and stays there for years.

This increase in big-name breaches has translated into actual financial pain. Nearly 1 out of 3 consumers worldwide say they’ve lost money to fraud in the last year, often because of email phishing, questionable texts, or fake websites. 

The median loss of $1,747 may not sound crippling, but Yin noted, “For some families, that’s a month’s rent or the grocery bill. That type of loss derails a tight budget quickly.”

It’s not just households that are getting squeezed. U.S. lenders had exposure to $3.3 billion of synthetic identity fraud as of the end of 2024. That’s a record. 

This fraud involves artificial identities that are created by combining real and fake information to construct someone who doesn’t exist — but who can still open credit cards, apply for loans, and rack up debt. Lenders are increasingly feeling the threat, especially in categories like auto loans and retail credit. 

The scammers are getting more advanced. The latest targets involve fewer records compromised — but with more individual data per breach. That’s behind the 20% rise in account takeover attempts globally from 2023 to 2024. 

The 11% increase in financial transactions flagged for review also points to how aggressively the scammers are pushing for money.

And the attacks are arriving faster. AI-driven automated bots can launch enormous credential-stuffing attacks, where they attempt to pilfer usernames and passwords on dozens of websites within seconds. 

Even a small leak can escalate into locked accounts, drained savings, or worse. Yin stated that “Generative AI makes phishing emails sound more legitimate, voices more convincing, and attacks easier to scale. That’s where this is headed.”

Banks are scrambling to get up to speed. Synthetic identity fraud is slippery — it’s difficult to detect because the person technically doesn’t exist. And once they’re in the system, they can act like a legitimate customer for months or even years.

To stay ahead, banks are ramping up their defenses. From behavioral biometrics (how you type or swipe) to real-time fraud analytics, everything is on the table. Those are expensive tools and must be constantly updated. 

“Fraud is no longer a one-on-one crime. It’s an ecosystem problem, and everyone plays a role in protecting it.” — Steve Yin, TransUnion

Large banks can pay for them, but smaller banks and fintech upstarts generally can’t. Yin said, “A small bank may have a lean fraud team or no team at all. That’s a real gap fraudsters know how to exploit.”

For the rest of us, safety is a matter of being proactive. Monitor your credit and bank accounts regularly. Don’t overlook unusual charges or unexpected emails. Activate two-factor authentication where you can, and consider freezing your credit if you don’t foresee needing new loans in the near future. 

TransUnion also offers services like TruEmpower, which gives you a personal risk score and offers recommendations based on your situation. Yin conceded that the threats are coming at a breakneck speed: “There’s fatigue — we get it. But a few smart steps can make all the difference.” 

You needn’t pay to shore up your defenses, though. Following good password hygiene, being careful about links and downloads, and locking down the privacy settings on your social media profiles can go a long way. 

TransUnion’s report informs us we’re no longer battling opportunistic hackers alone. These are data-driven, organized campaigns targeting consumers and businesses. As the line between our offline and online lives keeps fading, it’s clear we all need to stay on our toes and take action. 

“Fraud is no longer a one-on-one crime,” Yin said. “It’s an ecosystem problem, and everyone plays a role in protecting it.” 

Don’t wait until it’s your turn to get serious about security. Adapt, update, and stay on your toes — because the scammers most definitely are.