RiteCheck discloses year-old data breach affecting over 68,000 individuals

RiteCheck Cashing, a longtime financial services provider based in New York City, has confirmed that a cyberattack targeting its servers in August 2024 compromised the personal information of more than 68,000 individuals. Despite the breach occurring nearly a year ago, customers and employees affected by the incident were only notified on July 28, 2025.

According to a breach notification submitted to the Maine Attorney General’s Office, an unauthorized user gained access to one of the company’s servers around August 25 last year. A subsequent investigation revealed that sensitive data belonging to a subset of RiteCheck’s customers and employees had likely been exposed.

The compromised information includes names, addresses, dates of birth, Social Security numbers, driver’s license and government-issued ID numbers, as well as payment card details. These data elements are frequently exploited by cybercriminals to commit identity theft, open fraudulent accounts, and conduct illicit financial transactions.

Security experts warn that the prolonged delay between the breach and the public notification may have increased the risk of misuse, as cybercriminals had nearly 11 months to potentially exploit the stolen data before victims were informed.

In response to the breach, RiteCheck said it reset user account passwords and introduced threat detection and endpoint monitoring tools to strengthen its cybersecurity defenses. The company is also offering affected individuals 12 months of complimentary credit monitoring and identity protection services.

Shamis & Gentile P.A., a law firm specializing in data breach litigation, has launched an investigation into the incident. Individuals whose personal information was compromised may be eligible for compensation and are encouraged to monitor their accounts and consider joining a potential class action lawsuit.

RiteCheck Cashing, Inc. has operated in the Bronx and Harlem neighborhoods for over 75 years, providing check cashing, bill payment, money transfers, and other financial services through 11 locations, some of which are open 24 hours. The breach affected 68,587 people across the United States, including four residents of Maine.