A massive data breach at Set Forth, a prominent American debt services company, has compromised sensitive personal information of approximately 1.5 million customers and their family members.
The company detected suspicious system activity on May 21, 2024, prompting an immediate investigation with third-party forensic experts. Their analysis revealed that unauthorized parties had accessed and stolen customer data, including names, postal addresses, birth dates, and social security numbers. The breach also impacted information belonging to spouses, co-applicants, and dependents of Set Forth's clients.
In response to the incident, Set Forth has implemented several security measures, including enhanced system monitoring, a company-wide password reset, and additional protective controls. The company is also providing affected individuals with 12 months of free identity theft protection services through Cyberscout.
While Set Forth stated in its notification letter that there is currently no evidence of misuse of the stolen information, multiple law firms have begun investigating the possibility of class-action lawsuits related to the breach.
The identity of the attackers remains unknown, as no threat actors have claimed responsibility for the data theft. The scale of the breach was confirmed in Set Forth's official filing with the Office of the Maine Attorney General, which documented the 1.5 million affected individuals.
This incident highlights the ongoing challenges companies face in protecting sensitive customer data from cyber threats. As investigations continue, affected customers are advised to monitor their accounts closely and take advantage of the offered identity protection services.