17 Million Hit by Prosper Data Breach Exposing Personal Info
▼ Summary
– Prosper’s data breach potentially exposed personal information of over 17 million customers, including sensitive details like Social Security numbers and government IDs.
– The breach occurred through unauthorized queries on Prosper’s databases, which the company detected and revoked by September 2.
– Prosper confirmed no operational disruptions, unauthorized account access, or fund theft occurred as a result of the incident.
– The company has implemented enhanced security measures and is offering affected customers free credit monitoring services.
– Customer funds remain protected, with uninvested cash insured by the FDIC and invested funds repayable over the loan terms.
A significant data breach at the peer-to-peer lending platform Prosper has compromised the personal information of approximately 17.6 million customers, marking a severe security incident for the financial services sector. The company first disclosed the unauthorized access in a September notification, with further details emerging in October when the well-known data breach tracking site, Have I Been Pwned, cataloged the event.
According to the updated entry, the breach is attributed to a threat actor known as Hiron. The exposed data is extensive and highly sensitive, placing affected individuals at considerable risk. The compromised information includes full names, dates of birth, government-issued identification documents, and U.S. Social Security numbers. Additionally, physical addresses, email addresses, IP addresses, employment and credit statuses, income levels, and browser user agent details were all part of the stolen dataset.
Prosper clarified that the breach resulted from unauthorized queries made against its databases containing customer and applicant information. The company acted swiftly to terminate this activity, confirming that the unauthorized access was revoked by September 2. Importantly, Prosper stated that its customer-facing operations were not disrupted. Early investigations found no evidence of unauthorized account access or theft of customer funds, and the incident was reported to U.S. law enforcement authorities.
In response to the breach, the lending firm has implemented enhanced security controls and safeguards. Prosper has also increased and fortified its monitoring, security alerting, and incident response capabilities. The company committed to providing affected customers with free credit monitoring services once the full scope of the potentially exposed data is conclusively determined.
Regarding customer funds, Prosper informed clients that any uninvested cash held in their accounts remains insured by the FDIC and is available for withdrawal at any time. However, invested funds, including principal and interest, will continue to be repaid according to the original terms of the underlying loans, as this aspect of the platform was not impacted by the security event.
(Source: Info Security)
