Product leasing big warns that delicate data was stolen throughout cyberattack

Progressive Leasing, a billion-dollar firm that enables individuals to lease shopper merchandise, introduced a cyberattack final week.

In a press release to Recorded Future Information, the corporate stated it has seen no “main” operational impacts to its companies because of the assault however famous that it’s nonetheless investigating what occurred.

“Progressive Leasing not too long ago skilled a cybersecurity incident affecting sure Progressive Leasing methods. Promptly after detecting the incident, we engaged main third-party cybersecurity specialists and launched an investigation,” a spokesperson stated.

“Our group is working diligently alongside our cybersecurity specialists and with legislation enforcement to research and reply to this incident … The investigation into the incident, together with identification of the info concerned, stays ongoing.”

The Salt Lake Metropolis-based firm has dozens of partnerships with main retailers like Greatest Purchase, Samsung, Cricket, Lowe’s, Zales, Overstock, Dell and extra. They’re one of many greatest lease-to-own firms in operation and are half of a bigger company — PROG Holdings — that provides “purchase now, pay later” choices.

On Thursday, the company reported the cyberattack to regulators on the SEC, writing that it “believes the concerned knowledge contained a considerable quantity of personally identifiable data, together with social safety numbers, of Progressive Leasing’s prospects and different people.”

“Progressive Leasing will present discover to these people whose personally identifiable data was concerned within the incident, in addition to to regulatory authorities, in accordance with relevant legal guidelines,” it stated.

“The Firm has incurred, and should proceed to incur, important bills to reply to, remediate and examine this matter. The complete scope of the prices and associated impacts of this incident, together with the extent to which these prices might be offset by the Firm’s cybersecurity insurance coverage, has not been decided.”

The corporate’s chief monetary officer added that they don’t count on there to be a monetary fallout from the assault because of restricted operations — in contrast to cleansing big Clorox, which reported to the SEC final week that it was dealing with manufacturing points after a cyberattack.

Cybersecurity knowledgeable Dominic Alvieri said the AlphV/Black Cat ransomware gang took credit score for the assault on Friday, including the corporate to its leak web site and claiming to have stolen the private data of greater than 40 million prospects.

The ransomware gang precipitated worldwide headlines final week with its assault on MGM Resorts — an incident that’s nonetheless inflicting widespread issues throughout Las Vegas.