Nearly 70K exposed after hacker attack on New York check casher

Published: 30 July 2025
Last updated: 30 July 2025
RiteCheck logo with a leaking payment card
Image by Cybernews.

RiteCheck Cashing suffered a cyberattack nearly a year ago, yet customers and employees whose payment card details were exposed were only notified this week.

The New York-based financial services provider sent out breach notification letters to tens of thousands of affected customers, discussing the details of a 2024 data breach. According to the company, an “unauthorized user” accessed the company’s servers in late August of last year.

“The contents of the server were reviewed, and it was discovered that personal information belonging to a subset of RiteCheck customers and employees was potentially impacted as a result of the incident,” reads the breach notice.

ADVERTISEMENT

According to information that the company submitted to the Maine Attorney General’s Office, the data breach impacted over 68,000 individuals. Meanwhile, the breach notification reveals that RiteCheck’s customers and employees may have had their personal details leaked. These include:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Driver’s license numbers
  • Government-issued ID numbers
  • Payment card numbers
Ernestas Naprys Niamh Ancell BW Konstancija Gasaityte profile Marcus Walsh profile
Get our latest stories today on Google News
Google News Follow us

While the breach notice says that “potentially impacted personal information includes names along with one or more of the following” details listed above, individuals who had their data exposed will face increased data privacy risks.

If attackers got their hands on all of the details mentioned in the breach notification, they could steal exposed individuals’ identities, take out fraudulent loans, or attempt to take over existing accounts.

Meanwhile, exposed payment card numbers are a prized possession in the cyber underworld, with attackers often using fake identities and payment cards to carry out illicit activities. What makes matters worse is that the investigation into the attack took 11 months, and whoever carried it out had ample time to use the stolen data.

RiteCheck said that in response to the incident, the company “changed passwords to user accounts and deployed threat detecting and endpoint monitoring tools into their environment.”

Additionally, the company said that it will offer impacted individuals 12 months of credit monitoring and identity protection services.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked