A major data breach at debt relief services provider Set Forth has exposed sensitive personal information of approximately 1.5 million Americans, according to recent reports.
The breach, which occurred in May 2023, compromised critical personal data including full names, Social Security numbers (SSNs), and dates of birth of affected individuals. The incident also potentially exposed information belonging to spouses, co-applicants, and dependents of those impacted.
Set Forth, which provides administrative services for debt relief programs and works with B2B partners like Centrex, discovered unauthorized access to internal documents stored on company systems. Upon detection, the company activated incident response protocols and enlisted independent computer forensic specialists to investigate.
While there is currently no evidence of misuse of the stolen information, the exposed data could potentially be sold on dark web marketplaces or utilized in targeted phishing campaigns against affected individuals.
In response to the breach, Set Forth is offering impacted customers one year of free identity theft protection services through Cyberscout, an established provider with over 20 years of experience in breach response handling.
The company is notifying affected individuals through postal mail, providing instructions and unique codes to activate the complimentary identity protection service.
Security experts recommend that impacted individuals:
- Monitor financial accounts closely for suspicious activity
- Watch for potential identity theft attempts using stolen SSNs
- Be vigilant about phishing attempts leveraging the breach
- Exercise caution with unexpected emails or messages
- Delete suspicious communications without clicking links or downloading attachments
This incident serves as a reminder that personal data remains vulnerable even when entrusted to legitimate service providers, highlighting the ongoing challenges of data security in the digital age.