TMX Finance Corporate Services has suffered a data breach, with nearly five million people in the US possibly having their names and credit card details stolen as a result. This could leave the victims, many of them from underprivileged backgrounds, wide open to being defrauded.
In a letter to affected clients, TMX Finance Corporate Services, writing on its own behalf and that of parent company TMX Finance and affiliates TitleMax, TitleBucks, and InstaLoan, said it detected “suspicious activity” in its computer systems on February 13th.
A subsequent investigation determined that the “earliest known breach” occurred some time in December and that ”information may have been acquired” between February 3rd and 14th.
According to a notification submitted on August 23rd to the Attorney General’s Office in Maine — which imposes strict reporting requirements on any organization that suffers a data breach affecting its residents — the stolen data included names, financial account and credit or debit card numbers, security and access codes, and account passwords and PINs.
The total number of Maine residents affected was 84, but that’s just the tip of the iceberg for TMX, which admitted a grand total of 4,895,817 people across the US may have had their personal information stolen by threat actors behind the breach.
TMX says that it began notifying affected people on March 30th and has since “contained and eliminated the unauthorized activity on our systems.”
“We continue to monitor our systems for any suspicious activity,” it added. “We have implemented additional security features, such as endpoint protection and monitoring, as well as resetting all employee passwords. We continue to evaluate ways to further enhance the security of our systems.”
By way of compensation, TMX has offered victims a year’s worth of free credit monitoring and identity protection services from provider Experian, which was recently fined for sending unsolicited sales emails to customers.
The TMX Finance “family of companies” prides itself on offering crisis loans to the underprivileged, or as it puts it on its flagship website, “consumers who are underserved by traditional lenders.”
Sadly, this likely means that future TMX victims of the data breach may have the most to lose — cybercriminals often steal personal data to sell on to other crooks on the dark web, who then use them for digital fraud-based crimes involving identity theft and social engineering or phishing scams.
More from Cybernews:
Subscribe to our newsletter