US financial services and debt relief firm Set Forth has suffered a major data breach that may have compromised personal information for about 1.5 million people. The company determined that suspicious activity by unauthorized users occurred on its network. On May 21, 2024, the company immediately investigated and activated its incident response protocols. It was confirmed by July 1 that hackers had gained access to sensitive documents, including names, Social Security numbers (SSNs), dates of birth, and addresses.
The main breach affecting Set Forth is limited to people who get involved with the company through its business-to-business partner Centrex and are enrolled in debt relief programs. In a notice sent to the Maine Attorney General’s office, Set Forth detailed that the compromise extended to its direct customers and those who engaged with Centrex, leading to further confusion for recipients unfamiliar with Set Forth’s services.
What Set Forth’s data breach mean for affected individuals and how to protect yourself
So far, there is no evidence that the personal data has been misused, but Set Forth has been proactive, bolstering security measures. The company has introduced enhanced endpoint monitoring software, a global password reset, and additional security controls. In addition, to help those affected, Set Forth will provide a year of identity theft protection service from Cyberscout, an industry leader in that field.
With each party weighing in on how this ‘issue’ will affect them, there are concerns about the exposed data’s security. It’s a notable breach, given that what was compromised includes highly sensitive data that could have incredibly damaging consequences for affected people if it falls into the wrong hands. There have been no immediate misuse reports; however, the threat of hacker attempts and phishing scams looms ominously, and as experts warn, giving attackers your details opens the door to many fraudulent activities.
It is not clear if the investigation turned from Set Forth to its creator, and two law firms–Milberg Coleman Bryson Phillips Grossman, LLC and Shamis & Gentile P.A.–are currently exploring whether to file a class action lawsuit against Set Forth creator, according to CyberNews. Like in any big data breach, many affected individuals opt to seek redress, often if their information becomes compromised because a company could not protect sensitive data.
There are several recommended actions if you are unsure what to do after the breach. You should keep track of your mailbox for messages regarding the breach. Such notices usually come by snail mail and specify the codes for the complimentary identity theft protections. The presence of this service can be essential if we want to find out about any unauthorized activities in a person’s personal and financial details.
If anyone is affected, they should watch all of their accounts for any sign of fraud. If hackers get their hands on a victim’s SSN, for example, they could seek to apply for a loan or job in the victim’s name or carry out other extremely illicit acts. Identity theft results in scenarios in which the recovery process takes longer to conclude.
Aside from monitoring finances, individuals suffering from the tragedy should also be cautious when dealing with emails and messages that may want to take advantage of the situation. Suppose you see a message that includes a sense of urgency. In that case, if it’s a ‘time is running out’ type of message, that’s often the way hackers use data breaches as leverage to target individuals with phishing schemes. It’s really important to remain skeptical of unsolicited communications.
Images credit: freepik