Data breach sees nearly 5 million users hit at major loan firm
Three TMX subsidiaries hit with a cyberattack, with millions of users affected
Public financial service company TMX Finance has disclosed suffering a data breach incident that exposed personally identifiable information (PII) on almost five million customers.
TMX Finance operates three subsidiaries: TitleMax, TitleBucks, and InstaLoan, all of which have been hit. TitleMax is a lending business, TitleBucks a car loans service, while InstaLoan is a personal loan service for people with poor credit scores.
Issuing a notification to affected individuals, TMX Finance said that whoever was behind the attack managed to get away with full customer names, birth dates, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, social security numbers, financial account information, phone numbers, postal addresses, and email addresses.
Data stolen in February
Overall, exactly 4,822,580 customers had been affected by the breach. They may need to use the best identity theft protection services to keep themselves safe.
In the notification, TMX said that the breach occurred in early December 2022, but the company only spotted something was amiss on February 13 2023. It took the company two weeks to conclude its investigation and on March 1 said that the data was siphoned in the period between February 3 and February 14.
“On February 13, 2023, we detected suspicious activity on our systems and promptly took steps to investigate the incident,” the company says in the announcement. “Based on the investigation to date, the earliest known breach of TMX’s systems started in early December 2022.”
“On March 1, 2023, the investigation confirmed that information may have been acquired between February 3, 2023 – February 14, 2023.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To address the issue, the company implemented additional endpoint protection and monitoring measures, and reset all employee accounts. It also gave all affected individuals 12 months of identity protection through Experian, free of charge.
TMX Finance is a Canadian firm that operates more than 900 stores in over fourteen US states.
There’s no word on who might be behind the attack.
- Check out the best firewalls right now
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.