Home > Security > Security News

Xactus Hacker Stole Data from Breached Email Account

Published on February 18, 2025
Written by:
Vishwa Pandagle
Vishwa Pandagle
Cybersecurity Staff Editor

Financial technology company Xactus LLC filed a notice of data breach with the Attorney General of Massachusetts on February 14. The company identified suspicious activity pertaining to emails last year on July 15. 

The hacker maintained access to the email account between June 26 and July 15, 2024, and stole some information, the notice read. There were intermittent durations of unauthorized access, a third-party forensic analysis confirmed.

They were removed from the compromised email account within an hour of the discovery. Investigations continued through November 25, 2024, by an e-discovery firm to get sufficient information about impacted users so they could be alerted.

On January 15, the team completed the search for specific addresses that were accessed. Names of users, along with other data, are speculated to have been affected. 

Xactus, which offers verification solutions for the mortgage industry, is offering free credit monitoring and identity restoration services through IDX for twenty four months, with a registration deadline of May 14, 2025.

Users may place a fraud alert on credit files at no cost and are requested by the firm to remain cautious of identity theft by reviewing their account statements for unauthorized transactions.

Identity theft involves using an individual's credentials for impersonation and making a profit based on their asset and records. A threat actor may file false insurance claims in a target’s name, buy a sim card for vishing scams, engage in kidnapping scams or other crimes based on the profile of the target.

Since not much was disclosed in the data breach notice, and considering Xactus offers credit reporting services, a hacker may use the stolen email data to breach more accounts via social engineering attacks and using infostealers. 

Add a Comment
Related
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Threat actor targeting energy and aerospace sectors
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
European Parliament Member Hannah Neumann Targeted in Iranian APT42-Linked Hacking Campaign
Google Cookie Prompts
Google Eliminates Cookie Prompts in Chrome, Enhances Incognito Mode with IP Protection
Critical Command Injection Vulnerability in Speedify VPN Could Give Full Control Over Unpatched macOS Systems
Most Popular
Wednesday Season 2
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Threat actor targeting energy and aerospace sectors
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Predator Badlands
Everything we know About Predator: Badlands – new Monsters & Alien Connections
Robert Irwin
All we know About Dancing With The Stars 2025 (Season 34)
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Everything we know About Predator: Badlands – new Monsters & Alien Connections
All we know About Dancing With The Stars 2025 (Season 34)

Most Popular
Wednesday Season 2
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Threat actor targeting energy and aerospace sectors
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Predator Badlands
Everything we know About Predator: Badlands – new Monsters & Alien Connections
Robert Irwin
All we know About Dancing With The Stars 2025 (Season 34)
6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Lazarus Group ‘Operation SyncHole’ Targeted at Least Six South Korean Entities 
Blue Shield of California Site Misconfiguration Exposed Sensitive Health Data to Google for Years 
Everything we know About Predator: Badlands – new Monsters & Alien Connections
All we know About Dancing With The Stars 2025 (Season 34)

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: