TMX Finance Data Breach Potentially Exposes 4 Million Americans to Fraud

On March 30, 2023 TMX Finance Corporate Services, Inc. (“TMX Finance,” “TMX”) announced to the Attorney General of Maine that a cybersecurity breach left its servers susceptible to attack. Around February 13, 2023, the company learned that an outside, and unauthorized actor had gained access to its computer systyem. Further investigation revealed that the unknown actor had access to company files, including sensitive consumer data, between February 3, 2023 and February 14, 2023, initially gaining access to the servers in December 2022. The data breach reportedly put 4,822,580 individuals at risk.

TMX Finance owns popular lending companies such as TitleMax, TitleBucks, and InstaLoan. TMX itself is a subsidiary of TMX Finance, LLC, another consumer lending company based in Savannah, Georgia. After the initial investigation of the data breach, TMX began reviewing the affected files to determined the extent that their clients and consumers were impacted. The range of information impacted varies on the individual, but the breach potentially exposed information such as your name, Social Security number, date of birth, passport number, driver’s license number, federal/state identification card number, tax identification number, financial account information, as well as other information such as phone number, address, and email address.

TMX waited until March 30, 2023 to begin notifying affected individuals via data breach notice letters. Consumers remained unaware for a significant period of time before hearing news of the data breach. This could have potentially left many individuals affected by fraud unaware of a likely reason.

If you received a letter from TMX Finance Corporate Services, Inc. indicating that your information was involved in a data breach, fill out the form below to participate in Shub Law’s investigation.