On September 15, 2022, Cash Express, LLC filed a data breach with the Montana Attorney General after the company experienced a data breach in which an unauthorized party gained access to sensitive consumer information contained on Cash Express’s network. According to Cash Express, the breach resulted in certain people’s first and last names, dates of birth, contact information, social security numbers, driver’s license numbers, and financial information being compromised. Recently, Cash Express sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other scams.
What we know about the data breach at Cash Express
News of Cash Express’ data breach comes from the company’s official filing with the Montana Attorney General, as well as a notice posted on Cash Express’s website. According to these sources, on February 6, 2022, the company detected unusual activity on its computer network. In response, Cash Express secured its systems and then hired an outside data security firm to assist in the company’s investigations.
As a result of this investigation, Cash Express confirmed that an unauthorized party had gained access to certain files on the company’s IT network between January 29, 2022 and February 6, 2022. Files accessible to the unauthorized party contained confidential consumer information.
When Cash Express determined that consumer data was being compromised by unauthorized persons, Cash Express reviewed the affected files to determine which information was compromised and which consumers were affected. The company completed its review of the affected files on August 4, 2022. While the information breached will vary by individual, it may include your first and last name, date of birth, contact information, social security number, driver’s license number, and financial information.
On September 15, 2022, Cash Express sent out data breach letters to anyone whose information was compromised as a result of the recent data security incident.
Founded in 1995, Cash Express, LLC is a check cashing company based in Cookeville, Tennessee. The Company offers a variety of loans and related services to its customers, including flex loans, payday loans, installment loans, home loans, check cashing services, pawn loans, and more. Cash Express has dozens of locations in Tennessee, Kentucky, Georgia and Arkansas. Cash Express employs more than 240 people and has annual revenues of approximately $52 million.
How Hackers Use Social Security Numbers
Hackers and other cybercriminals are constantly devising new ways to obtain consumers’ personal information. Perhaps the most valuable piece of information from a hacker’s perspective is social security numbers. But how can they benefit from your stolen SSN? Most people assume that identity theft or unauthorized transactions are the worst damage that can occur after a data breach. However, this is not necessarily the case, especially if they are given your social security number.
Criminals have several ways to profit from stolen social security numbers.
Open credit cards or take out loans
The most common damage from a data breach is for hackers to use your information to open a new line of credit, e.g. B. a new credit card or a personal loan. This gives criminals quick access to a significant amount of money, which they can use to buy goods in your name. To open a new credit account, a hacker will need your social security number, as well as your name, date of birth, and address. However, once they have your name and social security number, obtaining the other information is not a major hurdle. For example, the Cash Express data breach appears to have leaked all of these types of data. And even if a hacker is missing some information, they may have access to your other data through another data breach, an existing database with compromised information, or by doing an online search using the stolen information they already have.
Tax Refund Fraud
A hacker who steals your social security number can quite easily file a fraudulent tax return on your behalf in hopes of intercepting your tax refund. All they have to do is file a tax return on your behalf before you do so. Unfortunately, victims of tax refund fraud often do not realize they have been targeted until the IRS rejects their tax return because it has already been filed. To reduce the chances of a hacker successfully committing a tax refund scam, you should file your tax returns as soon as possible.
Open fraudulent utility accounts
According to the Federal Trade Commission, 13 percent of fraud cases in 2016 involved criminals creating new phone and utility accounts. While the damage from utility fraud may not seem as great as other types of fraud, the regulations surrounding the utility industry can make solving a case of utility fraud extremely difficult and time-consuming. To open a utility account, all a hacker needs is your name, address, and social security number.
Of course, in many cases, hackers don’t carry out identity theft or fraud themselves. Instead, they put your information up for sale on the dark web and sell it to the highest bidder. This allows hackers to quickly turn a profit and move on to the next cyberattack and set of victims.
The Cash Express data breach is still under investigation; However, even at this early stage, those affected by the incident appear to be at increased risk of identity theft and other fraud. If you have done business with Cash Express and would like to read the company’s privacy breach letter and your legal options, click here here to check our last post on this topic.