Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Anthony Spadafora

Nearly 5 million hit in massive loan data breach — see if you’re affected

An open lock depicting a data breach

TitleMax, TitleBucks and InstaLoan customers have been issued warning about a massive data breach after TMX Finance revealed that hackers accessed its systems and stole loads of their personal information.

As reported by BleepingComputer, TMX is a public financial service company based in Canada which operates in the U.S., U.K., Canada, Australia and China whose subsidiaries include TitleMax, TitleBucks and InstaLoan. TitleMax is a lender with 1,100 stores across the U.S., TitleBucks is a car title loan service and InstaLoan is a personal loan service that caters to those with bad credit.

According to a new data breach notification letter sent out to affected customers, hackers gained access to its systems in December of last year but TMX didn’t detect the breach until February 13, 2023. 

Following an internal investigation conducted by the firm, it has revealed that the hackers responsible stole customer’s sensitive personal information between February 3rd and 14th of this year. TMX has a large presence across many states in the U.S. and a total of 4,822,580 customers are impacted by this data breach.

Customer data exposed

Although TMX believes that the security incident has now been contained, the company continues to monitor its systems for signs of suspicious activity.

Unfortunately for affected customers, loads of their personal information was exposed as a result of the data breach including their full names, date of birth, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, Social Security numbers, financial account information, phone numbers, physical address and their email addresses.

This is more than enough information to commit identity theft and TitleMax, TitleBucks and InstaLoan customers should be on high alert. Thankfully, TMX doesn’t plan to leave them high and dry.

What to do if you’re affected by this data breach

(Image credit: Antonio Guillem/Shutterstock)

If you received a data breach notification letter from TMX, you don’t need to rush out and sign up for one of the best identity theft protection services just yet. (Though it doesn't hurt.)

To help its customers deal with any repercussions they may experience as a result of the breach, the company plans to enroll them with identity theft protection services from Experian for free for 12 months. It may also be a good idea to request a security and credit freeze through Experian.

Besides taking advantage of this offer, affected customers should also remain vigilant and carefully review both their credit reports and account statements looking for any fraudulent activity.

As of yet, the hackers behind this massive data breach have not claimed responsibility for the attack, but we may learn more soon as TMX has notified the FBI regarding the incident.

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.