On September 15, 2022, Cash Express, LLC reported a data breach with the Montana Attorney General after the company experienced a data breach involving an unauthorized party gaining access to sensitive consumer data contained on Cash Express’s network. According to Cash Express, the breach resulted in the first and last names, dates of birth, contact information, Social Security numbers, driver’s license numbers, and financial information belonging to certain individuals being compromised. Recently, Cash Express sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
What We Know About the Cash Express Data Breach
News of the Cash Express data breach comes from the company’s official filing with the Montana Attorney General as well as a notice posted on the Cash Express website. According to these sources, on February 6, 2022, the company detected unusual activity on its computer network. In response, Cash Express secured its systems and then engaged a third-party data security firm to assist with the company’s investigation.
As a result of this investigation, Cash Express confirmed that an unauthorized party had gained access to certain files on the company’s IT network between the dates of January 29, 2022 and February 6, 2022. It was also revealed through the investigation that some of the files that the unauthorized party was able to access contained sensitive consumer information.
Upon discovering that consumer data was accessible to an unauthorized party, Cash Express then reviewed the affected files to determine what information was compromised and which consumers were impacted. The company completed its review of the affected files on August 4, 2022. While the breached information varies depending on the individual, it may include your first and last name, date of birth, contact information, Social Security number, driver’s license number, and financial information.
On September 15, 2022, Cash Express sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1995, Cash Express, LLC is a check-cashing company based in Cookeville, Tennessee. The company offers a variety of loans and related services to its customers, including flex loans, payday loans, installment loans, title loans, check cashing services, pawn loans and more. Cash Express maintains dozens of locations throughout Tennessee, Kentucky, Georgia and Arkansas. Cash Express employs more than 240 people and generates approximately $52 million in annual revenue.
How Hackers Use Social Security Numbers
Hackers and other cybercriminals are constantly developing new ways to obtain consumers’ personal information. Perhaps the most valuable of all information, from a hacker’s perspective, are Social Security numbers. But how can they profit off of your stolen SSN? Most people assume that identity theft or unauthorized transactions are the worst of the harms that can follow in the wake of a data breach; however, that is not necessarily the case, especially when they obtain your Social Security number.
Criminals have a few different ways to profit off of stolen Social Security numbers.
Open Credit Cards or Take Out Loans
The most common harm of a data breach is that hackers will use your information to open up a new line of credit, such as a new credit card or personal loan. This gives criminals quick access to a significant amount of money that they can use to purchase goods in your name. To open up a new credit account, a hacker needs your Social Security number, as well as your name, date of birth and address. However, once they have your name and Social Security number, obtaining the other information won’t pose much of a hurdle. For example, in the Cash Express data breach, all of these data types appear to have been leaked. And even if a hacker is missing some information, they may have access to your other data through another data breach, an existing database of compromised information, or by conducting an online search using the stolen information they already have.
Tax Refund Fraud
A hacker who steals your Social Security number can rather easily file a fraudulent tax return on your behalf in hopes of intercepting your tax refund. To do this, they just need to file a tax return in your name before you do. Unfortunately, victims of tax refund fraud often don’t realize they’ve been targeted until the IRS rejects their tax return because it’s already been filed. To reduce the chances of a hacker successfully committing tax refund fraud, you should file your tax return as soon as possible.
Open Fraudulent Utility Accounts
According to the Federal Trade Commission, 13 percent of fraud incidents in 2016 involved criminals creating new phone and utility accounts. While the harms of utility fraud may not seem as great as other types of fraud, the regulations surrounding the utility industry can make resolving a case of utility fraud extremely difficult and time-consuming. To open up a utility account, all a hacker needs is your name, address and your Social Security number.
Of course, in many cases, hackers do not conduct identity theft or fraud themselves. Instead, they post your information for sale on the dark web and sell it to the highest bidder. This enables hackers to make a quick profit and move on to the next cyberattack and the next set of victims.
The Cash Express data breach is still under investigation; however, even at this early point, it appears that those impacted by the incident are at an increased risk of identity theft and other frauds. If you did business with Cash Express and would like to review the company’s data breach letter and learn about your legal options, click here to review our recent post on the topic.