HQ/EMEAFind out how we can help your business
TMX Finance and its subsidiaries have suffered a data breach incident that impacted the personal data of nearly five million customers. The confirmed subsidiaries affected by the incident are TitleMax, TitleBucks, and InstaLoad.
The Canada-based finance company disseminated a data breach notification letter to the compromised customers earlier this week. The letters informed the recipients that the hackers had breached its systems in December last year, but the detection only happened last month.
Moreover, TMX discovered that the network infiltrators had collected troves of data during a two-week persistence in its network in February after completing its internal investigation.
The company explained that they had spotted suspicious activities in their systems on February 13 and immediately deployed further investigations. Based on its immediate study, the earliest known attack of the breach occurred as early as December last year.
The culmination of the initial investigation on March 1 confirmed that the actors obtained the customer information during their two-week stay in the compromised company.
TMX Finance confirmed the affected data during the data breach.
According to investigations, TMX Finance revealed that the hackers had harvested customer data such as full names, dates of birth, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, social security numbers, financial account details, phone numbers, physical addresses, and email addresses.
Moreover, the company claims they have already contained the incident but notified everyone who monitors the systems for unwanted activities. TMX has adopted endpoint protection and monitored and reset its employee passwords to prevent reentry through infected internal accounts.
The company’s data breach notification letters also include instructions for affected individuals. Furthermore, the company will provide a free 12-month identification protection service and a security freeze.
TMX Finance has notified relevant law enforcement agencies, such as the Federal Bureau of Investigations, regarding the cybersecurity incident. However, the company did not refuse to distribute the notification letters to allow the authorities to continue the investigation.
Experts warn the affected customers to be wary of attempted phishing attempts and unwanted communications.
