1.5 million Americans hit in massive debt relief service data breach — names, addresses, SSNs and more exposed
What to do now and how to see if you’re affected
No matter how careful you are online, your sensitive personal and financial data could end up in the hands of hackers if a company you do business with directly (or indirectly) ends up falling victim to a data breach.
As reported by CyberNews, the debt relief firm Set Forth recently suffered a data breach in which hackers were able to gain access to internal documents stored on the company’s systems. The company itself provides administrative services to Americans enrolled in debt relief programs but it also works with business-to-business partners such as Centrex.
Following this cyberattack, data breach notifications are now being sent out to affected customers. Here’s everything you need to know about the types of data accessed in this attack and what you can do next if your information was exposed online as a result.
Unauthorized access to sensitive documents
In a data breach notification sent to the Maine Attorney General’s office, Set Forth revealed that 1.5 million Americans are impacted by this breach.
The attack itself occurred back in May of this year, at which time the company implemented incident response protocols before working alongside independent computer forensic specialists as part of its investigation into the incident.
According to Set Forth, the full names, Social Security numbers (SSNs) and dates of birth of impacted individuals may have been obtained by the hackers behind this attack after they gained access to documents stored on the company’s systems. To make matters worse, personal information belonging to “a spouse, co-applicant or dependent” may have also been accessed during the attack.
At the moment, there are no indications that this information has been used by hackers in their attacks. Still though, all of this personal data could end up for sale on the dark web or it might even be used in targeted phishing attacks going forward.
Fortunately, Set Forth is providing free access to one of the best identity theft protection services through Cyberscout for a year for those affected by this latest data breach. While we haven’t reviewed this particular service, it’s been in business for just over 20 years with 1.5 million commercial policies and it has handled more than 1 million breach responses.
Sign up now to get the best Black Friday deals!
Discover the hottest deals, best product picks and the latest tech news from our experts at Tom’s Guide.
How to stay safe after a data breach
After a data breach like this one, you’re going to want to pay close attention to your mailbox. This is because data breach notification letters like the sample one linked above are typically delivered via traditional mail as opposed to through email.
If your personal and financial data was exposed, this letter will provide you with a code to sign up for Cyberscout’s identity theft protection which is worth doing as it’s free and they have experts standing by to help you with any questions you may have.
Once this is done, you’re going to want to carefully monitor all of your financial accounts for signs of fraud. With your SSN in hand, hackers can sign up for loans in your name, apply for jobs and even commit crimes which you will be held accountable for. This is one of the reasons identity theft is so scary and difficult to recover from.
Likewise, you also want to pay close attention when checking your inbox, messages and social media since hackers can use this stolen information or even the data breach by itself as a lure to get you to hand over more info or even your financial details. Keep a close eye out for emails from unknown senders and ones with blank subject lines. If something looks suspicious or tries to instill a sense of urgency, don’t respond or click on any links or download any attachments that the email might contain. Instead, just delete it.
We might possibly learn more about how this data breach unfolded at a later date but for now, at least Set Forth is providing free identity theft protection for a year as many companies hit by similar attacks often don’t.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.