Data Breach at Professional Finance Company Leaks Social Security Numbers | Console and Associates, PC
Recently, Professional Finance Company (“PFC”) reported a data breach resulting from a ransomware attack in February 2022. As a result of the cyberattack, certain information belonging to current and former employees was compromised. According to PFC, the violation resulted in the surnames, first names, addresses and Social security numbers be compromised. On May 17, 2022, PFC filed a formal notice of breach and sent data breach letters to all affected parties.
If you have received a data breach notification, it is imperative that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what your legal options are following the Professional Finance Company data breach, please see our recent article on the subject. here.
Professional Finance Company Data Breach Details
In a recent filing with various state governments, PFC reports that on February 26, 2022, the company “detected and stopped” a sophisticated ransomware attack. However, during the attack, an unauthorized party was able to access and disable some of the company’s computer systems. So while PFC claims to have “stopped” the attack, it does not appear to have stopped any unauthorized access to its network.
After learning of the ransomware attack, PFC secured its systems and launched an investigation into the incident to determine the extent of the unauthorized activity. The investigation confirmed that the party that orchestrated the attack had been able to access certain files and that these files contained the names, social security numbers and addresses of certain people.
On May 17, 2022, Professional Finance Company sent data breach letters to all individuals whose information was disclosed during the PFC data breach.
About Professional Finance Company
Professional Finance Company is a debt collection company based in Greeley, Colorado. The company works with other organizations to collect their accounts receivable through various means. Professional Finance Company has various subsidiaries, including PFC Infuse, which acquires, manages and liquidates corporate default portfolios. Other subsidiaries include PFC First, PFC USA and PFC Rev. Professional Finance Company has over 126 employees working for the company and generates approximately $15 million in annual revenue.
What is a ransomware attack?
The PFC data breach resulted from a ransomware attack on the company. Ransomware has been in the news for the past few months as this type of cyberattack has become a favorite with hackers. In fact, according to the Identity Theft Resource Center, the number of ransomware attacks against U.S. businesses increased from 158 to 321 between 2020 and 2021. Given the prevalence of ransomware attacks, it’s important for consumers to understand this what they are, how they can be avoided and what can be done about them.
In a traditional ransomware attack, hackers install (or trick the victim into installing) malware on the victim’s device or computer network. This malware encrypts all or part of the data on the device or the network, blocking the victim. When the victim tries to log in, they see a ransom demanding message. Thus, hackers rely on a victim’s desire to access their computer and their willingness to pay to regain access.
However, in more malicious ransomware attacks, hackers will do all of the above and then threaten to publish the data they have obtained from the victim, usually on the Dark Web. This naturally adds to the fear of the victim, because once the information is published on the Dark Web, it is accessible to millions of people, most of whom have criminal intentions.
Given the risks that come with a data breach, it is imperative that those who receive a PFC data breach letter take the necessary steps to protect themselves. Additionally, data breach victims may be able to bring a class action lawsuit against a company that was negligent in retaining a victim’s sensitive data.
Data breach victims who have questions about what to do after a ransomware attack or their legal options should contact a data breach attorney for assistance.