Nearly 5 million hit in massive loan data breach — see if you’re affected

An open lock depicting a data breach
(Image credit: Shutterstock)

TitleMax, TitleBucks and InstaLoan customers have been issued warning about a massive data breach after TMX Finance revealed that hackers accessed its systems and stole loads of their personal information.

As reported by BleepingComputer, TMX is a public financial service company based in Canada which operates in the U.S., U.K., Canada, Australia and China whose subsidiaries include TitleMax, TitleBucks and InstaLoan. TitleMax is a lender with 1,100 stores across the U.S., TitleBucks is a car title loan service and InstaLoan is a personal loan service that caters to those with bad credit.

According to a new data breach notification letter sent out to affected customers, hackers gained access to its systems in December of last year but TMX didn’t detect the breach until February 13, 2023. The company also informed the Office of the Maine Attorney General regarding the breach.

Following an internal investigation conducted by the firm, it has revealed that the hackers responsible stole customer’s sensitive personal information between February 3rd and 14th of this year. TMX has a large presence across many states in the U.S. and a total of 4,822,580 customers are impacted by this data breach.

Even though the company has warned affected customers about the breach, it did not reveal how the hackers responsible gained access to its network and whether ransomware was involved in the attack according to SecurityWeek.

Customer data exposed

Although TMX believes that the security incident has now been contained, the company continues to monitor its systems for signs of suspicious activity.

Unfortunately for affected customers, loads of their personal information was exposed as a result of the data breach including their full names, date of birth, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, Social Security numbers, financial account information, phone numbers, physical address and their email addresses.

This is more than enough information to commit identity theft and TitleMax, TitleBucks and InstaLoan customers should be on high alert. Thankfully, TMX doesn’t plan to leave them high and dry.

What to do if you’re affected by this data breach

Victims of Identity Theft

(Image credit: Antonio Guillem/Shutterstock)

If you received a data breach notification letter from TMX, you don’t need to rush out and sign up for one of the best identity theft protection services just yet. (Though it doesn't hurt.)

To help its customers deal with any repercussions they may experience as a result of the breach, the company plans to enroll them with identity theft protection and credit monitoring services from Experian for free for 12 months. It may also be a good idea to request a security and credit freeze through Experian.

Besides taking advantage of this offer, affected customers should also remain vigilant and carefully review both their credit reports and account statements looking for any fraudulent activity.

As of yet, the hackers behind this massive data breach have not claimed responsibility for the attack, but we may learn more soon as TMX has notified the FBI regarding the incident.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.