Set Forth, Inc., a provider of online account management services for individuals participating in debt relief programs, has reported a significant data breach impacting 1.5 million individuals. In response, several law firms have initiated investigations and are preparing to file potential class action lawsuits.
The breach may have compromised sensitive information, including names, Social Security Numbers, addresses, and dates of birth, following the incident at Set Forth, Inc. (previously known as DebtPayPro and Debt Pay Gateway). Established in 2009, this financial services firm is committed to assisting consumers in overcoming debt challenges.
The incident was detected on May 21, 2024. Set Forth asserts that it promptly activated its incident response protocols and enlisted the help of independent computer forensic experts.
On November 8, the company informed the Maine Attorney General’s office that the breach affected 1.5 million individuals, including 3,285 residents of Maine. Unauthorized individuals accessed documents stored within the company’s systems.
“The investigation revealed that personal information belonging to you, your spouse, co-applicant, or dependent may have been accessed during the incident,” stated the notification sent to affected users.
“Although there is no evidence indicating that your information has been misused, we wish to inform you of this incident as a precautionary measure.”
Set Forth also noted its partnership with Centrex, Inc., indicating that their customers are similarly impacted. The Set Forth platform facilitates the collection and sharing of consumer information among its users, with the necessary permissions.
The receipt of this correspondence may cause confusion for individuals who have not been direct clients of Forth. You may be receiving this letter if you were previously a customer or have engaged in business with Centrex, Inc.
The company has announced that it is implementing measures to avert similar occurrences in the future.
“We have introduced advanced endpoint monitoring software, conducted a comprehensive password reset, and established additional security protocols. Furthermore, we are providing identity theft protection services through Cyberscout for a duration of 12 months.”
The company recommends that users stay alert and regularly examine their financial accounts and credit reports.
As of now, no ransomware group monitored by Cybernews Ransomlooker has taken responsibility for the attack or identified Set Forth as one of their targets on dark web platforms.
In the meantime, at least two law firms, Milberg Coleman Bryson Phillips Grossman, LLC and Shamis & Gentile P.A., have initiated investigations into the incidents to assess the possibility of filing a class action lawsuit.
