A major data theft hit one of the major US firms and compromised over 1.5 million customers’ data. Set Forth Inc., formerly known as DebtPayPro and Debt Pay Gateway, serves its customers by providing administrative services to users who enroll in debt relief programs. The company was founded in 2009 and helps people exit their debts.
The breach has impacted multiple financial institutions, and investigations have started. The malicious actors were able to get their hands on sensitive customer data, including Social Security Numbers, email addresses, phone numbers, date of birth, etc., of over 1.5 million individuals.
Set Forth Inc. informed that the attack was observed on 21st May 2024, and they promptly responded by triggering their incident response procedures. The attackers targeted the organization systems, which were used to store customer documents containing all their records. The records not only contained details about the primary applicant but also had all the personal details of any co-applicants or loan guarantees.
Set Forth Inc. also works with other companies like Centrex Inc., which uses the customers’ data with their permission for agreed usage, and the impact of the breach has also extended to them. Both firms have reached out to their customers, informing them about the exposure of their data.
The firm has also taken steps to uplift its systems’ security by deploying enhanced endpoint security solutions and refining its monitoring systems, along with a global password reset. As of the report, there have not been any cases of data misuse, but the firm has advised its users to monitor their financial records and credit reports periodically. This incident underscores the criticality of deploying secure systems and is another example of how an organization’s security failure can impact its connected partners.
