TMX Finance and its subsidiaries have revealed a data breach that exposed the personal data of almost 5 million customers. Hackers breached the company’s systems in December 2022 but TMX only discovered the breach on February 13th, 2023, and completed an internal investigation on March 1st. The company has informed the FBI and is monitoring its systems for further suspicious activity.
The stolen customer data includes full name, date of birth, passport number, driver’s license number, identification card number, tax identification number, social security number, financial account information, phone number, physical address, and email address. The company has implemented endpoint protection and monitoring and reset all employee account passwords to block access through potentially compromised internal accounts.
TMX’s data breach notification letter also encloses instructions for individuals to enroll for a free 12-month identity protection service through Experian and request a security freeze.
The company has encouraged customers to remain vigilant against potential identity theft and fraud by carefully reviewing credit reports and account statements to ensure that all activity is valid.
TMX Finance is a Canadian finance giant that operates equities, fixed income, derivatives, and energy markets exchanges, with a business presence in the United States, Canada, the U.K., Australia, and China.
Its subsidiaries include TitleMax, TitleBucks, and InstaLoan, which are lending businesses operating 1,100 stores across the U.S. TitleBucks is a car title loans service, and InstaLoan is a fast-approval personal loan service for those with bad credit.
