Auto Financing Company Announces Impactful Data Breach
Table of Contents
- By Steven
- Dec 14, 2022
As we’ve stated in past posts, financing companies are incredibly high on the target list for hackers. Financial companies have access to tons of PII (personally identifying information), making them perfect for hackers. Whether the criminal’s preferred method of attack is phishing, mal- or ransomware, or direct hacking, a company like Veros Credit will be a perfect target for all their criminal needs.
How Did the Attack Occur?
According to Arnold Law Firm, the attack was ransomware. On the day of the attack, which was in December 2021, the company became aware of the attack and began to take the necessary steps to deal with it. However, the thing that seems to be the company’s biggest mistake was waiting almost a year to alert the victims despite being immediately aware of the breach.
What Information Was Viewed or Stolen?
As much as we wish we could say there’s nothing for the victims to worry about, it would be naive to believe such. While the notice stated that Veros Credit had “no reason to believe anyone’s information has been misused,” we cannot honestly tell you not to worry if you or a loved one received a notice from Veros. The stolen data included driver’s license and state IDs, social security numbers, passport numbers, health insurance information, usernames and passwords, and particular financial account or cred/debit card information, which may include PINs, passwords, and security codes.
How Did Veros Credit Admit to the Breach?
Veros admitted to the data breach almost a year after it occurred, unfortunately for the victims. The notices were sent out around December 10th, 2022, though the breach happened nearly a year prior. During that year, the bad actor could have done many things with the victims’ data.
What Will Become of the Stolen Information?
The data that can be taken from a place like this is also effortless to sell; things like names, addresses, and social security numbers sell for cheap but will be worth a lot when sold in bulk. As the hacker managed to access about 54,000 social security numbers, they stand to make $54,000 – $81,000. If the victims have high credit, the combination of social security numbers, full names, and birthdays sell for $60 to $80. The hacker would make over $3.24 million on the low end, with the high end reaching $4.32 million. Unfortunately, this puts the victims at incredibly high risk for identity theft and fraud.
What Should Affected Parties Do in the Aftermath of the Breach?
Affected parties do have steps that they can take, though circumstances may seem dank. There are easy credit monitoring services to sign up for, and there are device monitoring software titles that will alert you to any unauthorized activity on your phones, computers, laptops, or anywhere else you install it. You can also monitor your texts, emails, and phone calls to ensure you aren’t scammed.