TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan announced a data breach that affected more than 4.8 million customers from 1,000 consumer lending outlets across the US. The data stolen included dates of birth, passport #s, driver’s license #’s, federal/state ID #’s, , SSN’s and financial account information.
In a data breach notification letter TMX informs that the breach was discovered on February 13th, 2023, and hackers had been in its systems since early December, 2022 with information stolen between February 3rdand 14th, 2023.
TMX has implemented endpoint protection and monitoring and reset all employee account passwords and believes the security incident has now been contained.
Ted Miracco, CEO, Approov had this to say:
“Unfortunately, data breaches like the TMX security incident are far too common in today’s digital age, and reckless companies often fail to take adequate measures to prevent them, as they rely on their insurers to pay the bill to clean things up. When these security incidents occur, it is often the customers and users who suffer the consequences, as their personal and sensitive information can be compromised, leading to identity theft, financial loss, and other types of harm.
“While some companies take security seriously and implement measures to prevent breaches, others prioritize profits over security, which can lead to careless behavior and a lack of investment in security infrastructure. In some cases, companies may even attempt to minimize or cover up security incidents, leaving victims in the dark about the full extent of the damage.
“This highlights the need for stronger regulations and penalties to hold companies accountable for data breaches and other security incidents, and to ensure that they are taking adequate measures to protect their customers’ information. Companies must understand the gravity of the situation and prioritize security over profits to protect their customers’ information and prevent potential harm.”
The fact that TMX is only now implementing “endpoint protection and monitoring” is a big hint that this was the likely gateway for the threat actors. Thus if you’re responsible for protecting your environment from threats like this, you might want to make sure that this box is checked.
Related
This entry was posted on April 4, 2023 at 8:39 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
TMX Data Breach Affects nearly 5 million US Customers
TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan announced a data breach that affected more than 4.8 million customers from 1,000 consumer lending outlets across the US. The data stolen included dates of birth, passport #s, driver’s license #’s, federal/state ID #’s, , SSN’s and financial account information.
In a data breach notification letter TMX informs that the breach was discovered on February 13th, 2023, and hackers had been in its systems since early December, 2022 with information stolen between February 3rdand 14th, 2023.
TMX has implemented endpoint protection and monitoring and reset all employee account passwords and believes the security incident has now been contained.
Ted Miracco, CEO, Approov had this to say:
“Unfortunately, data breaches like the TMX security incident are far too common in today’s digital age, and reckless companies often fail to take adequate measures to prevent them, as they rely on their insurers to pay the bill to clean things up. When these security incidents occur, it is often the customers and users who suffer the consequences, as their personal and sensitive information can be compromised, leading to identity theft, financial loss, and other types of harm.
“While some companies take security seriously and implement measures to prevent breaches, others prioritize profits over security, which can lead to careless behavior and a lack of investment in security infrastructure. In some cases, companies may even attempt to minimize or cover up security incidents, leaving victims in the dark about the full extent of the damage.
“This highlights the need for stronger regulations and penalties to hold companies accountable for data breaches and other security incidents, and to ensure that they are taking adequate measures to protect their customers’ information. Companies must understand the gravity of the situation and prioritize security over profits to protect their customers’ information and prevent potential harm.”
The fact that TMX is only now implementing “endpoint protection and monitoring” is a big hint that this was the likely gateway for the threat actors. Thus if you’re responsible for protecting your environment from threats like this, you might want to make sure that this box is checked.
Share this:
Like this:
Related
This entry was posted on April 4, 2023 at 8:39 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.