Major Data Breach Exposes Personal Information of 1.5 Million Americans

Set Forth, a prominent debt relief services provider, has disclosed a significant data breach that compromised the sensitive personal information of 1.5 million Americans, including Social Security numbers, full names, and dates of birth.

Tom’s Guide reports that a substantial cybersecurity incident at Set Forth, a company providing administrative services for debt relief programs, has resulted in unauthorized access to internal documents containing sensitive personal information of more than a million Americans. The breach, which occurred in May 2024, has prompted the company to issue formal notifications to affected individuals and report the incident to relevant authorities.

According to notifications filed with the Maine Attorney General’s office, the scope of the breach is extensive, affecting approximately 1.5 million individuals across the United States. The compromised data includes highly sensitive personal information such as full names, Social Security numbers (SSNs), and dates of birth. The breach’s impact extends beyond primary account holders, potentially exposing personal information of spouses, co-applicants, and dependents.

Upon discovering the breach, Set Forth implemented incident response protocols and enlisted independent computer forensic specialists to conduct a thorough investigation. While there is currently no evidence suggesting malicious use of the stolen data, security experts warn that the compromised information could potentially appear for sale on dark web marketplaces or be utilized in targeted phishing campaigns.

In response to the incident, Set Forth has partnered with Cyberscout, an established identity theft protection service provider with over two decades of experience and a track record of handling more than one million breach responses. The company is offering affected individuals one year of complimentary identity theft protection services through Cyberscout.

Set Forth is distributing breach notification letters via traditional mail, which include unique codes for accessing the complimentary identity theft protection services. The company works with various business-to-business partners, including Centrex, potentially expanding the reach of affected individuals beyond direct clients.

Security experts emphasize the significance of this breach, particularly given the sensitive nature of the exposed data. Social Security numbers are especially valuable to cybercriminals, as they can be used to perpetrate various forms of identity theft, including fraudulent loan applications, employment fraud, and criminal impersonation.