Debt Relief Companies Experienced Data Breach, Exposing Information of 10,000 Customers
Illinois debt relief service provider disclosed a data breach event, resulting in the personal data of 100,000 American customers being leaked. The vulnerability was discovered on January 15, 2023, and was caused by an external hacker incident that leaked sensitive information, including names, addresses, birth dates, and Social Security numbers.
The company notified the affected individuals on [year] [month] [day] and provided identity protection services to mitigate potential abuse. It offers online account management for consumers participating in debt relief programs and collaborates with business-to-business clients such as [company name].
After the occurrence of the violation, the company issued detailed notifications to the affected parties, many of whom received the notifications due to their association with the business partners of . The disclosure of the violation indicates that immediately launched an investigation into the suspicious system activities and hired third-party forensic experts to assess the extent of the breach and identify the affected data.
Allegedly, the personal information exposed in this cybersecurity incident may include data of family members or co-applicants of certain accounts. Specifically, the leaked data includes:
- full name
- physical address
- date of birth
- social protection number
Considering the nature of the accessed data, the severity of this breach places customers at high risk for identity theft and related fraud, prompting the company to quickly issue notifications and offer protective services. Following the breach, several measures were announced to enhance its security.
The company's incident response measures include a global reset of all passwords, the implementation of advanced endpoint monitoring software, and the addition of new security controls to prevent similar incidents in the future. Additionally, free credit monitoring and identity protection services have been arranged for a year.
In the notification to clients, it is emphasized that while there is currently no evidence that the data has been misused, individuals should remain vigilant against any suspicious activities. The company encourages clients to regularly review their financial and credit statements and provides specific instructions on how to activate services and protect their credit files through fraud alerts or credit freezes.
