.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: TMX Finance Corporate Services
Aug 31, 2023 9:35:52 AM
The Target: TMX Finance Corporate Services, the parent company of lender TitleMax. TMX, which also operates the brands TitleBucks, InstaLoan and EquityAuto Loan, has more than 1,000 locations in 18 U.S. states.
The Take: A revised data breach notification sent to victims by TMX stated that beyond the raft of personal information that it previously stated had been stolen - including passport and Social Security numbers - attackers may have also stolen their credit/debit card number in combination with security code, access code, password or PIN for the account.
The Vector: TMX previously reported detecting suspicious activity on their systems on Feb. 13. A third-party incident response firm called in to investigate found the intrusion appeared to have started in early December 2022.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
