Data Breach at Professional Finance Company Results in Leaked Social Security Numbers | Console and Associates, P.C. | #malware | #ransomware


Recently, Professional Finance Company (“PFC”) reported a data breach stemming from a February 2022 ransomware attack. As a result of the cyberattack, certain information belonging to current and former employees was compromised. According to PFC, the breach resulted in the affected parties’ first and last names, addresses and Social Security numbers being compromised. On May 17, 2022, PFC filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is imperative that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Professional Finance Company data breach, please see our recent piece on the topic here.

The Details About the Professional Finance Company Data Breach

In a recent filing with various state governments, PFC reports that on February 26, 2022, the company “detected and stopped” a sophisticated ransomware attack. However, during the attack, an unauthorized party was able to access and disable some of the company’s computer systems. Thus, while PFC claims to have “stopped” the attack, it did not appear to stop all unauthorized access to its network.

After PFC learned of the ransomware attack, it secured its systems and initiated an investigation into the incident to determine the extent of the unauthorized activity. The investigation confirmed that the party orchestrating the attack was able to access certain files and that these files contained the names, Social Security numbers and addresses of certain individuals.

On May 17, 2022, Professional Finance Company issued data breach letters to everyone whose information was leaked in the PFC data breach.

About Professional Finance Company

Professional Finance Company is a debt collection company based in Greeley, Colorado. The company works with other organizations to recover their accounts receivable through various means. Professional Finance Company has various subsidiaries, including PFC Infuse, which acquires, manages, and liquidates portfolios of defaulted receivables from companies. Other subsidiaries include PFC First, PFC USA and PFC Rev. Professional Finance Company has more than 126 employees working for the company and brings in approximately $15 million in annual revenue.

What Is a Ransomware Attack?

The PFC data breach resulted from a ransomware attack against the company. Ransomware has been in the headlines quite a bit in recent months, as this type of cyberattack has become one of hackers’ favorites. In fact, according to the Identity Theft Resource Center, the number of ransomware attacks against U.S. companies increased from 158 to 321 between 2020 and 2021. Given the prevalence of ransomware attacks, it is important for consumers to understand what they are, how they can be prevented, and what can be done in their aftermath.

In a traditional ransomware attack, hackers install (or trick the victim into installing) malicious software on a victim’s device or computer network. This malware encrypts some or all of the data on the device or network, locking the victim out. When the victim tries to log in, they see a message demanding a money ransom. Thus, hackers rely on a victim’s desire to access their computer and willingness to pay to regain access.

However, in more invidious ransomware attacks, hackers will do all of the above and then threaten to publish the data they obtained from the victim, usually on the Dark Web. This understandably adds to a victim’s fear because once information is posted on the Dark Web, it is accessible to millions of people, most of which have criminal intentions.

Given the risks that come along with a data breach, it is imperative for those who receive a PFC data breach letter to take the necessary steps to protect themselves. Additionally, data breach victims may be able to pursue a data breach class action lawsuit against a company that was negligent in maintaining a victim’s sensitive data.

Those data breach victims who have questions about what to do after a ransomware attack or what their legal options are should reach out to a data breach lawyer for assistance.



Original Source link

Leave a Reply

Your email address will not be published.

+ nine = fifteen