Data breach sees nearly 5 million users hit at major loan firm

Public financial services company TMX Finance has disclosed a data breach that exposed personally identifiable information (PII) of almost five million customers.

TMX Finance operates three subsidiaries: TitleMax, TitleBucks, and InstaLoan, all of which have been hit. TitleMax is a lending business, TitleBucks a car loans service, while InstaLoan is a personal loan service for people with poor credit scores.

Issuing a notification to affected individuals, TMX Finance said that whoever was behind the attack managed to get away with full customer names, birth dates, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, social security numbers, financial account information, phone numbers, postal addresses, and email addresses. 

Data stolen in February

Overall, exactly 4,822,580 customers were affected by the breach.

In the notification, TMX said that the breach occurred in early December 2022, but the company only spotted that something was amiss on February 13, 2023. It took the company two weeks to conclude its investigation, and on March 1 it said that the data was siphoned in the period between February 3 and February 14.

“On February 13, 2023, we detected suspicious activity on our systems and promptly took steps to investigate the incident,” the company says in the announcement. “Based on the investigation to date, the earliest known breach of TMX’s systems started in early December 2022.” 

“On March 1, 2023, the investigation confirmed that information may have been acquired between February 3, 2023 – February 14, 2023.”

To address the issue, the company implemented additional endpoint protection and monitoring measures, and reset all employee accounts. It also gave all affected individuals 12 months of identity protection through Experian, free of charge. 

TMX Finance is a Canadian firm that operates more than 900 stores in over fourteen US states. 

There’s no word on who might be behind the attack. 

Via: BleepingComputer