Data breach sees nearly 5 million users hit at major loan firm

Three TMX subsidiaries hit with a cyberattack, with millions of users affected

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Public financial service company TMX Finance has disclosed suffering a data breach incident that exposed personally identifiable information (PII) on almost five million customers.

TMX Finance operates three subsidiaries: TitleMax, TitleBucks, and InstaLoan, all of which have been hit. TitleMax is a lending business, TitleBucks a car loans service, while InstaLoan is a personal loan service for people with poor credit scores.

Issuing a notification to affected individuals, TMX Finance said that whoever was behind the attack managed to get away with full customer names, birth dates, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, social security numbers, financial account information, phone numbers, postal addresses, and email addresses.

Data stolen in February

Overall, exactly 4,822,580 customers had been affected by the breach. They may need to use thebest identity theft protectionservices to keep themselves safe.

In the notification, TMX said that the breach occurred in early December 2022, but the company only spotted something was amiss on February 13 2023. It took the company two weeks to conclude its investigation and on March 1 said that the data was siphoned in the period between February 3 and February 14.

“On February 13, 2023, we detected suspicious activity on our systems and promptly took steps to investigate the incident,” the company says in the announcement. “Based on the investigation to date, the earliest known breach of TMX’s systems started in early December 2022.”

“On March 1, 2023, the investigation confirmed that information may have been acquired between February 3, 2023 – February 14, 2023.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

What is Elasticsearch and why is it involved in so many data leaks?>Elasticsearch databases are being hit hard by ransom attacks>Here are the best malware removal services at the moment

To address the issue, the company implemented additional endpoint protection and monitoring measures, and reset all employee accounts. It also gave all affected individuals 12 months of identity protection through Experian, free of charge.

TMX Finance is a Canadian firm that operates more than 900 stores in over fourteen US states.

There’s no word on who might be behind the attack.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Apple iMac 24-inch M4 (2024) review: the best, and most colorful, all-in-one computer levels up