Debt Relief Firm Set Forth Hit by Data Breach Exposing 1.5 Million Clients

Set Forth, Inc., an Illinois-based debt relief service provider, has disclosed a data breach exposing the personal data of 1.5 million U.S. customers.

The breach, discovered on May 21, 2024, resulted from an external hacking incident that compromised sensitive information, including names, addresses, dates of birth, and Social Security numbers. The company notified affected individuals on November 8, 2024, and is offering identity protection services to mitigate potential misuse.

Set Forth, Inc. provides online account management for consumers enrolled in debt relief programs and partners with business-to-business clients like Centrex, Inc. Following the breach, the company issued detailed notifications to affected parties, many of whom were notified due to their association with Set Forth's business partners.

The breach disclosure revealed that Set Forth immediately initiated an investigation into the suspicious system activity by engaging third-party forensic specialists to assess the extent of the compromise and identify impacted data.

The cybersecurity incident exposed personal information that, according to Set Forth, might include the data of family members or co-applicants on certain accounts. Specifically, the compromised data includes:

• Full names
• Physical addresses
• Dates of birth
• Social Security numbers

The severity of the breach, given the nature of the data accessed, places customers at an elevated risk of identity theft and related fraud, prompting the company's quick notification and offer of protective services.

Set Forth has announced several measures to enhance its security following the breach. The company's incident response has included a global reset of all passwords, the implementation of advanced endpoint monitoring software, and the addition of new security controls aimed at preventing similar future incidents. Additionally, Set Forth has arranged a year of complimentary credit monitoring and identity protection through Cyberscout.

In its notification to clients, Set Forth emphasized that, although there is currently no evidence of data misuse, individuals should remain alert for any suspicious activity. Customers are encouraged to review their financial and credit statements regularly and are provided with specific instructions for activating Cyberscout services and securing their credit files with fraud alerts or credit freezes.