Major breach at American debt services firm exposes data of over a million customers

Data leak
(Image credit: Shutterstock)

  • Set Forth confirms suffering a data breach in May 2023
  • Roughly 1.5 million people were affected by the incident
  • Set Forth offers 12 months of identity theft protection

American debt services company Set Forth has confirmed suffering a data breach incident in which sensitive information on more than a million people was stolen.

In a data breach notification letter sent to affected customers, the company said it identified “suspicious activity” on its systems on May 21 2024.

After implementing its incident response protocols, and engaging third-party forensic experts which investigated the incidents, the company determined that some personal information from its customers, as well as their spouses, co-applicants, or dependents, was stolen.

Defending the premises

The data stolen in the attack includes people’s names, postal addresses, birth dates, and social security numbers. In a subsequent filing with the Office of the Maine Attorney General, Set Forth confirmed that 1.5 million people were affected by this breach.

At press time, there was no information on who might have stolen the archives. No threat actors have yet assumed responsibility for the break-in.

To prevent similar incidents from happening in the future, Set Forth outlined a number of implementations, including enhanced endpoint monitoring, a global password reset, and additional security controls. Furthermore, the company is now offering identity theft protection services for affected individuals for 12 months, through Cyberscout.

“Again, at this time, there is no evidence that your information has been misused. However, we encourage you to take full advantage of this service offering,” Set Forth concluded in its letter.

In the meantime, multiple law firms have started looking into the matter, to see if there is grounds for a class-action lawsuit.

Via Cybernews

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.