TMX Finance and its subsidiary companies TitleMax, TitleBucks and InstaLoan recently notified 4,822,580 of its customers that large amounts of their personal information was exposed in a data breach that lasted from February 3rd to February 14th. This particular data breach is extremely serious because the information stolen included names, dates of birth, Social Security numbers, financial account information, phone numbers, home addresses, email addresses and more of its customers. TitleMax is a private lender with 1,100 stores throughout the country.
A letter was sent to all of its affected customers recently informing them of the data breach and offering free credit monitoring for a year. Here is a copy of a sample of the notification letter courtesy of bleepingcomputer.com. https://www.documentcloud.org/documents/23735720-tmx-finance-sample-copy-of-individual-notice-l01
The type of personal information compromised in this data breach can readily lead to identity theft. In addition, information about the names, cell phone numbers and email addresses of customers which was also compromised can be used to target victims of the data breach with spear phishing emails or smishing text messages intended to lure them into identity theft or other scams.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/