Breach

High-cost lender TMX Finance data breach affects nearly 5 million customers

A TitleMax store shows damage from yesterday’s flood waters on Garners Ferry Road following flooding in the area October 5, 2015 in Columbia, South Carolina.  High-cost lender TMX Finance and its affiliates TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach affecting nearly five million customers. (Photo by Sean Ray...

High-cost lender TMX Finance and its affiliates TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach affecting nearly five million customers, according to a data breach notification publicized by the Maine State Attorney General.  

TMX is a public financial services company that provides high-cost loans to individuals and primarily specializes in auto title loans. The business has more than 950 stores across 15 states in the United States.  

According to the notice, the company discovered a cyberattack on February 13, 2023, but further investigation revealed that hackers had breached the system in early December 2022, according to a sample breach notification letter sent to affected customers on Thursday.

"On March 1, 2023, the investigation confirmed that information may have been acquired between February 3, 2023 -- February 14, 2023," the letter stated.  

The hackers stole 4,822,580 customers' personal information, including their names, dates of birth, passport numbers, driver's license numbers, federal and state identification card numbers, tax identification numbers, social security numbers, and financial account information.  

"We promptly began a review of potentially affected files to determine what information may have been involved in this incident. We notified the FBI but have not delayed this notification for any law enforcement investigation," the company said.  

The company claims that the incident has been contained.  

SC Media has reached out to the TMX Finance for more information about attack and whether a ransom payment was made.  

As the company continues investigating the incident, it has offered customers 12-month complimentary credit monitoring and identity protection services. The company added that it has implemented additional security features, such as additional endpoint protection and monitoring, while resetting all employee passwords.  

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.