Xactus Hacker Stole Data from Breached Email Account
Published on February 18, 2025
- Fintech company Xactus confirmed that it suffered a data breach in a court notice.
- The company discovered the incident on July 15, 2024, and internal investigations were completed on January 15, 2025.
- The presently unknown hacker gained access to an email account belonging to the company and stole data.
Financial technology company Xactus LLC filed a notice of data breach with the Attorney General of Massachusetts on February 14. The company identified suspicious activity pertaining to emails last year on July 15.
The hacker maintained access to the email account between June 26 and July 15, 2024, and stole some information, the notice read. There were intermittent durations of unauthorized access, a third-party forensic analysis confirmed.
They were removed from the compromised email account within an hour of the discovery. Investigations continued through November 25, 2024, by an e-discovery firm to get sufficient information about impacted users so they could be alerted.
On January 15, the team completed the search for specific addresses that were accessed. Names of users, along with other data, are speculated to have been affected.
Xactus, which offers verification solutions for the mortgage industry, is offering free credit monitoring and identity restoration services through IDX for twenty four months, with a registration deadline of May 14, 2025.
Users may place a fraud alert on credit files at no cost and are requested by the firm to remain cautious of identity theft by reviewing their account statements for unauthorized transactions.
Identity theft involves using an individual's credentials for impersonation and making a profit based on their asset and records. A threat actor may file false insurance claims in a target’s name, buy a sim card for vishing scams, engage in kidnapping scams or other crimes based on the profile of the target.
Since not much was disclosed in the data breach notice, and considering Xactus offers credit reporting services, a hacker may use the stolen email data to breach more accounts via social engineering attacks and using infostealers.
Related
Most Popular
Most Popular