On September 15, 2022, Cash Express, LLC filed a data breach with the Montana Attorney General after the company suffered a data breach involving an unauthorized party with access to sensitive consumer data contained on Cash’s network. Express. According to Cash Express, the breach resulted in the compromise of first and last names, dates of birth, contact information, social security numbers, driver’s license numbers and financial information belonging to certain individuals. Recently, Cash Express sent data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves against identity theft and other fraud.
What we know about the Cash Express data breach
News of the Cash Express data breach comes from the company’s official filing with the Montana Attorney General as well as a notice posted on the Cash Express website. According to these sources, on February 6, 2022, the company detected unusual activity on its computer network. In response, Cash Express secured its systems and then hired a third-party data security company to help investigate the company.
As a result of this investigation, Cash Express has confirmed that an unauthorized party gained access to certain files on the company’s computer network between the dates of January 29, 2022 and February 6, 2022. It was also disclosed to the During the investigation that some of the files accessed by the unauthorized party contained sensitive consumer information.
After discovering that consumer data was accessible to an unauthorized party, Cash Express then reviewed the affected files to determine what information was compromised and which consumers were affected. The company completed its review of the affected files on August 4, 2022. While the information disclosed will vary depending on the individual, it may include your first and last name, date of birth, contact information, social security number, your driver’s license number and financial information.
On September 15, 2022, Cash Express sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
Founded in 1995, Cash Express, LLC is a check cashing company based in Cookeville, Tennessee. The Company offers a variety of loans and related services to its customers, including flexible loans, payday loans, installment loans, title loans, check cashing services, pawnbrokers, and more. Cash Express has dozens of locations in Tennessee, Kentucky, Georgia, and Arkansas. Cash Express employs over 240 people and generates approximately $52 million in annual revenue.
How Hackers Use Social Security Numbers
Hackers and other cybercriminals are constantly developing new ways to obtain consumers’ personal information. Social security numbers are perhaps the most valuable of all information, from a hacker’s perspective. But how can they take advantage of your stolen SSN? Most people assume that identity theft or unauthorized transactions are the worst damage that can result from a data breach; however, this is not necessarily the case, especially when they get your social security number.
Criminals have several ways to profit from stolen social security numbers.
Open credit cards or take out loans
The most common harm from a data breach is that hackers use your information to open a new line of credit, such as a new credit card or personal loan. This gives criminals quick access to a large sum of money that they can use to purchase goods on your behalf. To open a new credit account, a hacker needs your social security number, as well as your name, date of birth, and address. However, once they have your name and social security number, getting the other information won’t be too much of a hassle. For example, in the Cash Express data breach, all of these types of data appear to have been leaked. And even if a hacker is missing certain information, they may gain access to your other data through another data breach, an existing database of compromised information, or by searching online using the information. volleys he already has.
Tax refund fraud
A hacker who steals your social security number can quite easily file a fraudulent tax return on your behalf in hopes of intercepting your tax refund. To do this, they just need to file a tax return in your name before you do. Unfortunately, victims of tax refund fraud often don’t realize they’ve been targeted until the IRS rejects their tax return because it’s already been filed. To reduce the chances of a hacker successfully committing tax refund fraud, you should file your tax return as soon as possible.
Open fraudulent utility accounts
According to the Federal Trade Commission, 13% of fraud incidents in 2016 involved criminals setting up new phone and utility accounts. Although the harms of utility fraud may not seem as great as those of other types of fraud, the regulations surrounding the utility industry can make resolving a utility fraud case extremely difficult and time-consuming. To open a utility account, all a hacker needs is your name, address, and social security number.
Of course, in many cases the hackers are not committing identity theft or fraud themselves. Instead, they post your information for sale on the dark web and resell it to the highest bidder. This allows hackers to make a quick profit and move on to the next cyberattack and the next group of victims.
The Cash Express data breach is still under investigation; however, even at this early stage, it appears that those affected by the incident are at increased risk of identity theft and other fraud. If you have done business with Cash Express and would like to review the company’s data breach letter and learn more about your legal options, click here to review our recent article on the subject.