Thousands of people have had their financial details, including credit card numbers and account PINs, exposed in a cyberattack on accounting services company ELO. Some cases of fraud using the stolen data have already been reported.
The American provider made the disclosure on January 18th, in which it said more than 15,000 clients had been affected. It discovered the data breach just over a week previously, but the attack itself is thought to have happened in March.
ELO says that it has launched an inquiry into the incident, which saw customers’ full names, addresses, Social Security numbers, birth dates, and bank account and tax return information exposed to an as yet undetermined threat actor.
The stolen data has already been used, in some cases, to facilitate other cybercrimes, it added.
“To date, ELO has been made aware of several reports or incidents of financial fraud as a result of the incident, as several impacted individuals had fraudulent tax returns filed upon their behalf,” said lawyers representing the firm.
ELO undertakes to promptly notify victims of any misuse of their personal information and has offered free credit monitoring services by way of compensation.
“ELO remains fully committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it,” it added.
Your email address will not be published. Required fields are markedmarked