On February 13, 2024, the California Office of the Attorney General disclosed that U.S. Merchants Financial Group, Inc. suffered a data breach compromising sensitive personal information. The exposed data reportedly includes names, driver’s license numbers, Social Security numbers, and health records, though the exact number of affected individuals remains undisclosed. The breach poses significant risks, as such details are prime targets for identity theft, financial fraud, and medical scams. In response, the company enlisted third-party cybersecurity specialists to investigate the incident and implement enhanced security measures. The nature of the stolen data—particularly Social Security and health information—suggests a severe privacy violation with potential long-term repercussions for victims, including unauthorized account access, credit damage, or targeted phishing attacks. The breach underscores vulnerabilities in the organization’s data protection frameworks, raising concerns about compliance with regulatory standards like HIPAA (for health data) and state-level privacy laws.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-591299
TPRM report: https://www.rankiteo.com/company/us-merchants
"id": "us-1013090725",
"linkid": "us-merchants",
"type": "Breach",
"date": "2/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Financial',
'location': 'United States (California)',
'name': 'U.S. Merchants Financial Group, Inc.',
'type': 'Financial Services'}],
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['names',
"driver's license "
'numbers',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-02-13',
'description': 'The California Office of the Attorney General reported that '
'U.S. Merchants Financial Group, Inc. experienced a data '
'breach on February 13, 2024. Personal information such as '
"names, driver's license numbers, Social Security numbers, and "
'health information may have been compromised, affecting an '
'unknown number of individuals. The organization engaged '
'third-party specialists for investigation and security '
'enhancements post-breach.',
'impact': {'data_compromised': ['names',
"driver's license numbers",
'Social Security numbers',
'health information'],
'identity_theft_risk': 'High (PII and health data exposed)'},
'investigation_status': 'Ongoing (third-party specialists engaged)',
'post_incident_analysis': {'corrective_actions': ['Security enhancements '
'(details unspecified)']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'incident_response_plan_activated': True,
'third_party_assistance': ['investigation specialists',
'security enhancement providers']},
'title': 'U.S. Merchants Financial Group, Inc. Data Breach (2024)',
'type': 'Data Breach'}