Onset Financial Data Breach Exposes Sensitive Consumer Information
On May 2, 2025, Onset Financial, Inc., a Utah-based financial services company specializing in equipment leasing and financing, detected a network security incident in which an unauthorized party accessed certain systems. Despite existing security measures, files containing sensitive personally identifiable information (PII) were compromised.
The breach was discovered and contained by the company, which launched an investigation with cybersecurity experts. The probe concluded on November 24, 2025, and affected individuals began receiving notifications in December 2025.
Exposed data may include names, Social Security numbers, driver’s licenses, financial account details, credit/debit card numbers, passport numbers, and other sensitive documents such as W2s and pay stubs.
Onset Financial reported the breach to the Massachusetts Attorney General on December 16, 2025, and to the Montana Attorney General on December 12, 2025. The filings indicate that at least six individuals in Massachusetts and eleven in Montana were affected.
Shamis & Gentile P.A., a class action law firm, is investigating potential legal claims on behalf of impacted individuals. The firm notes that those whose data was exposed may be entitled to compensation under data protection laws.
Source: https://www.claimdepot.com/investigations/onset-financial-data-breach-2026
Onset Financial cybersecurity rating report: https://www.rankiteo.com/company/onset-financial
"id": "ONS1773807823",
"linkid": "onset-financial",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 17 (6 in '
'Massachusetts, 11 in Montana)',
'industry': 'Equipment Leasing and Financing',
'location': 'Utah, USA',
'name': 'Onset Financial, Inc.',
'type': 'Financial Services Company'}],
'customer_advisories': 'Notifications sent to affected individuals in '
'December 2025',
'data_breach': {'file_types_exposed': ['W2s', 'Pay stubs'],
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Driver’s licenses',
'Financial account '
'details',
'Credit/debit card '
'numbers',
'Passport numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-05-02',
'date_publicly_disclosed': '2025-12-12',
'date_resolved': '2025-11-24',
'description': 'On May 2, 2025, Onset Financial, Inc. detected a network '
'security incident in which an unauthorized party accessed '
'certain systems. Files containing sensitive personally '
'identifiable information (PII) were compromised despite '
'existing security measures. The breach was contained, and an '
'investigation was launched with cybersecurity experts. '
'Affected individuals began receiving notifications in '
'December 2025.',
'impact': {'data_compromised': 'Sensitive personally identifiable information '
'(PII)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal claims under data protection '
'laws',
'payment_information_risk': 'High',
'systems_affected': 'Certain systems containing PII'},
'investigation_status': 'Concluded',
'references': [{'source': 'Massachusetts Attorney General'},
{'source': 'Montana Attorney General'},
{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Shamis & Gentile P.A.',
'regulatory_notifications': ['Massachusetts '
'Attorney General '
'(2025-12-16)',
'Montana Attorney '
'General '
'(2025-12-12)']},
'response': {'communication_strategy': 'Notifications sent to affected '
'individuals in December 2025',
'containment_measures': 'Yes',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Cybersecurity experts'},
'title': 'Onset Financial Data Breach Exposes Sensitive Consumer Information',
'type': 'Data Breach'}