Massive data breach: American debt relief service exposes 1.5 million


Set Forth, Inc., a company that provides online account administration services to consumers enrolled in debt relief programs, disclosed a major data incident affecting 1.5 million people. Several law firms have launched investigations and are preparing potential class action lawsuits.

Names, Social Security Numbers, addresses, and dates of birth may have been affected after the breach at Set Forth, Inc. (formerly DebtPayPro and Debt Pay Gateway), a financial services company founded in 2009 and dedicated to helping consumers exit debt.

The incident was identified on May 21st, 2024. Set Forth claims it immediately implemented incident response protocols and engaged independent computer forensic specialists.

ADVERTISEMENT

On November 8th, the firm disclosed to the Maine Attorney General’s office that 1.5 million people, including 3,285 Maine residents, are affected. Unauthorized attackers gained access to the documents stored on the company’s systems.

“The investigation determined that personal information belonging to yourself, a spouse, co-applicant, or dependent may have been accessed during the incident,” the notice sent to users reads.

“While there is no evidence to suggest that your information has been misused, we wanted to make you aware of this incident out of an abundance of caution.”

Set Forth further details that it has relationships with business-to-business partner Centrex, Inc., and their customers are also affected. Set Forth platform allows businesses to collect and share consumer information, with their permission, between its users.

“Receipt of this letter may be confusing for those who have not been direct customers of Forth. You may be receiving this letter if you were a customer or have done business with Centrex, Inc.”

Gintaras Radauskas jurgita vilius Ernestas Naprys
Don’t miss our latest stories on Google News

The company says it is taking steps to prevent similar incidents from happening in the future.

“We deployed enhanced endpoint monitoring software, performed a global password reset, and implemented additional security controls. In addition to these measures, we are offering identity theft protection services through Cyberscout for 12 months.”

ADVERTISEMENT

The company advises users to remain vigilant and review financial accounts and credit reports regularly.

No ransomware gang tracked by Cybernews Ransomlooker has claimed responsibility for the attack or listed Set Forth among their victims on dark web sites.

Meanwhile, at least two law firms, Milberg Coleman Bryson Phillips Grossman, LLC and Shamis & Gentile P.A., have launched investigations into the incidents to determine whether a class action lawsuit can be filed.