Non-bank lending company Cash Express this month reported to the Montana Attorney General a data breach that allowed an unauthorized party to access sensitive consumer information of more than 100,000 people.
The company, which provides payday loans, check cashing, title loans and other high-cost short-term lending services, said in a letter to those affected that an unauthorized party obtained their personal information, including dates of birth, social security numbers, financial information. and contact information earlier this year. The Cookeville, Tennessee-based company did not provide specific details about how the breach occurred.
Richard Console, a personal injury lawyer, said in a legal blog that the most common harm from data breaches Hackers use people’s personal information to open new credit cards or personal loans. Console told American Banker in an email that it has seen an increase in data breaches since the start of the COVID-19 pandemic, particularly in 2021.
“The lesson to be learned from any data breach is that companies need to do more to protect the sensitive consumer information entrusted to them,” Console said in the email to Banker. “Certainly creating and maintaining robust data security protocols is an additional cost; however, given the ever-increasing number of data breaches, the expense is justified.”
At least 80 financial services companies reported data breaches in 2022according to the Maine Attorney General’s Office, though Maine only tracks violations that affect at least one resident of the state.
In its letter to those affected, Cash Express said it had engaged a third-party data security firm to conduct an investigation after detecting unusual activity on its corporate network on February 6. The investigation revealed that an unauthorized party accessed part of the computer system between January 29 and February 6. According to the Maine Attorney General’s Office, 106,521 people were affected through the breach.
Cash Express received the results of the investigation on August 4 and reported the activity to the Montana Attorney General and affected individuals on September 15. CEO Garry McNabb said in the letter that Cash Express is offering free credit card monitoring to affected individuals through a one-year membership to Experian’s IdentityWorks.
The consumer lending company was founded in 1995. It operates through offices in the Midwest and the South.
In 2018, the Bureau of Consumer Financial Protection Bureau announced that Cash Express would pay a civil penalty of $200,000 and restitution of $32,000 to customers for a series of violations of the Consumer Financial Protection Act involving deceptive consumers.