Hackers successfully breached the systems of the financial services company Prosper, making off with the personal information—including Social Security Numbers—of over 17.6 million customers and loan applicants. Prosper, a peer-to-peer lending marketplace that has facilitated over $30 billion in loans since 2005, detected the unauthorized access on September 2nd. The company is still investigating the full extent of the data theft but has reported that there is no current evidence that attackers accessed customer funds or operational accounts.
The security breach, which the company first disclosed a month ago, resulted in the theft of a wide array of personal and proprietary data. Although the company is continuing to investigate exactly what was exposed, data breach notification services indicate that the stolen information is extensive. Beyond names and Social Security Numbers, the stolen records reportedly include government-issued IDs, dates of birth, physical and IP addresses, employment and credit status, income levels, and even browser details.
In a statement, Prosper confirmed that “confidential, proprietary, and personal information, including Social Security Numbers, was obtained,” stemming from unauthorized queries on company databases. While the company has acknowledged the report that 17.6 million unique email addresses were affected, a spokesperson said they were “not able to validate” the exact scale yet, as the investigation is in its early stages.
Despite the massive data theft, Prosper has stressed that the security breach did not impact its customer-facing operations. The company’s top priority remains resolving the incident and is committed to sharing more information with its customers as it becomes available. They have also reported the incident to the appropriate authorities and are actively collaborating with law enforcement to investigate the attack.
To help mitigate the risk to those affected, Prosper has committed to offering free credit monitoring to customers and applicants once they determine the precise set of data that was compromised. The ongoing investigation will clarify the full scope of the breach and who is impacted, at which point the company will be in a better position to offer concrete support to the millions whose private data was stolen.
Reference:
