Set Forth, Inc., a financial services provider that specializes in online account administration for debt relief programs, has recently revealed a significant data breach affecting approximately 1.5 million individuals. The breach, discovered on May 21, 2024, resulted in the unauthorized access of sensitive personal data, including names, Social Security numbers, addresses, and dates of birth. Set Forth, which was formerly known as DebtPayPro and Debt Pay Gateway, has been a key player in helping consumers navigate and resolve their debt issues. This breach, however, underscores the growing risks to consumer data within the financial services industry.
The breach has impacted not only Set Forth’s direct customers but also individuals associated with its business partner, Centrex, Inc. The affected customers, including 3,285 residents of Maine, may have had their personal information accessed during the attack. Set Forth, upon detecting the breach, immediately implemented its incident response protocols and engaged independent forensic specialists to investigate the matter. Although there has been no evidence to suggest that the exposed data has been misused, Set Forth has taken the precautionary step of notifying affected individuals to ensure they are aware of the breach and can take protective measures.
One of the complexities surrounding the breach is its connection with Centrex, Inc. Set Forth’s platform allows businesses to share consumer data with permission, which means that individuals who had business relationships with Centrex, but were not direct customers of Set Forth, are also affected. This aspect has led to some confusion for recipients of breach notifications, as they may not have initially understood the connection to Set Forth. The company has issued statements clarifying that any customers or business associates of Centrex may have also been impacted by the breach.
In response to the breach, Set Forth has taken several steps to strengthen its security posture. These include deploying enhanced endpoint monitoring software, initiating a global password reset, and implementing additional security controls to prevent future breaches. Furthermore, Set Forth is offering 12 months of identity theft protection services through Cyberscout to all affected individuals.
