Details are scarce. In a statement to Money, TransUnion said “the incident involved unauthorized access to limited personal information for a very small percentage of U.S. consumers,” adding, “we are working with law enforcement and have engaged third party cyber security experts for an independent forensics review.”

As of press time, TransUnion had not made any public announcements about the data breach on its website, but the company told Money that it is notifying affected costumers.

In the Maine filing, TransUnion said it began sending out letters notifying people affected by the breach on Tuesday.

“We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations,” a sample letter reads. “We regret any concern caused by this incident and take seriously the responsibility to help secure consumer information.”

TransUnion told Money that the leak did not involve its “core credit database or include credit reports" and that the company “identified and contained this event within hours.” The credit bureau is offering two years of free credit monitoring services (provided by Cyberscout) to those impacted, according to the letter.