TMX Finance, a US-based consumer loan company, has informed over 4.8 million customers that their personal information was stolen in a data breach. The company operates approximately 1,100 stores in 15 states, offering loans under three brands: TitleMax, TitleBucks, and InstaLoan.
The data breach was identified on February 13, 2023, and impacted the customers of all three services, according to a notification letter sent to affected individuals. The letter was submitted to the Maine Attorney General’s Office.
TMX Finance has stated that the attackers accessed its systems in December 2022, but data exfiltration only occurred between February 3 and February 14, 2023. Compromised personal information includes names, addresses, phone numbers, email addresses, birth dates, driver’s licenses and passport numbers, ID numbers, Social Security numbers, tax identification numbers, and/or financial account details.
The company has contained the incident and rotated all employee passwords. TMX Finance is monitoring its network for suspicious activity and has informed law enforcement of the incident. The company did not say how the intruders gained access to its network or whether ransomware was used in the attack.
Stolen personal information is often sold or shared on cybercrime websites and then used in various types of attacks, including phishing. TMX Finance is facing a class action lawsuit as a result of the data breach. Customers are advised to be vigilant against potential phishing attacks and to monitor their accounts for suspicious activity.
The notification letter stated that TMX Finance takes the security and privacy of its customers seriously and is taking steps to prevent a similar incident from occurring in the future. The company is offering one year of free credit monitoring and identity theft protection services to affected individuals.
The data breach is a reminder of the importance of data security and the potential consequences of a breach. Personal information is a valuable commodity on the dark web, and once it is stolen, it can be difficult to control its spread. Businesses need to implement robust security measures to protect their customers’ information.
In response to the incident, cybersecurity experts have advised consumers to take proactive steps to protect their personal information. These steps include using strong and unique passwords for each online account, enabling two-factor authentication where available, and regularly monitoring credit reports for suspicious activity.
TMX Finance is just the latest in a long line of companies that have experienced data breaches in recent years. The incident highlights the need for businesses to be vigilant about data security and to take proactive steps to protect their customers’ information.
