Share this article on:
About 1.5 million people have had their data potentially compromised after threat actors breached the systems of US financial services and debt relief firm Set Forth (Forth).
On 21 May 2024, Forth identified a security incident involving suspicious activity from unauthorised users on its network. The company launched an investigation and launched incident response protocols.
“The investigation determined, on July 1, 2024, that the unauthorised user gained access to documents on their systems,” said Forth in a notice on its website.
“The review of potentially impacted documents determined that the following data elements may have been contained in the documents: names, Social Security numbers, dates of birth, and addresses.”
According to a data breach notification submitted to the Office of the Maine Attorney General, a total of 1.5 million people were affected.
In a notice sent to customers, Forth said that customers for its business-to-business partner Centrex were also affected.
“Receipt of this letter may be confusing for those who have not been direct customers of Forth. You may be receiving this letter if you were a customer or have done business with Centrex, Inc,” it said.
There is currently no evidence of data being misused; however, Forth has implemented a number of security protocols to prevent a repeat incident.
“We deployed enhanced endpoint monitoring software, performed a global password reset, and implemented additional security controls. In addition to these measures, we are offering identity theft protection services through Cyberscout for 12 months,” Forth told customers.
Cyber Daily has yet to observe a threat actor taking responsibility for the incident.
“Forth and Centrex take the need to protect the privacy and security of all information in their respective care very seriously, and deeply regret any inconvenience or concern that this matter may cause,” Forth said.
According to CyberNews, two law firms – Milberg Coleman Bryson Phillips Grossman, LLC and Shamis & Gentile P.A. – are investigating whether or not a class action lawsuit can be launched in response to the incident.