iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Canadian finance company TMX Finance has suffered a data breach that has resulted in the data of over 4.8 million customers being compromised.
According to a letter sent to those affected by the breach, the hackers gained access to the TMX systems in December 2022. However, the breach was not discovered until 13 February 2023.
Based on an investigation by the company, customer data was accessed between 3 and 4 February 2023.
“On February 13, 2023, we detected suspicious activity on our systems and promptly took steps to investigate the incident,” said the letter to affected customers.
“As part of that investigation, global forensic cyber security experts were retained. Based on the investigation to date, the earliest known breach of TMX’s systems started in early December 2022. On March 1, 2023, the investigation confirmed that information may have been acquired between February 3, 2023 — February 14, 2023.
“We promptly began a review of potentially affected files to determine what information may have been involved in this incident. We notified the FBI but have not delayed this notification for any law enforcement investigation.”
TMX has said that while the investigation is ongoing, it currently believes that the incident has been contained and that its systems are secure.
It has reset all employee passwords in the case of compromised credentials and implemented endpoint protection and monitoring.
The information compromised in the breach was personal and expansive, with TMX listing the variety of data stolen.
Data included:
Those affected in the breach are able to redeem 12 months of free Experian IdentityWorks and can request a security freeze. Instructions to redeem the ID protection can be found in the data breach letter.
Be the first to hear the latest developments in the cyber industry.
