Set Forth data breach exposes sensitive information of 1.5 million customers

American debt services company Set Forth has confirmed a significant data breach compromising sensitive information on over 1.5 million individuals, including customers and their spouses, co-applicants, or dependents.

According to a notification sent to impacted clients, the breach was discovered on May 21, 2024, after the company identified suspicious activity on its systems. A subsequent investigation by third-party forensic experts determined that unauthorized parties accessed and stole a trove of personal information, including names, birth dates, postal addresses, and Social Security numbers.

Set Forth disclosed the breach to the Office of the Maine Attorney General, where it reported the scale of the incident. No threat actors have claimed responsibility for the breach, and details regarding the identity or motive of those behind the attack remain unknown.

Set Forth has implemented several security measures to prevent future incidents. These include enhanced endpoint monitoring, a global password reset, and additional security controls across its systems. Additionally, the company has arranged a 12-month identity theft protection service through Cyberscout for affected individuals, urging clients to utilize the service. However, it emphasized that no data misuse has been identified so far. The breach has also drawn the attention of multiple law firms, which are exploring potential grounds for a class-action lawsuit on behalf of those affected.