Progrexion Admits To Data Breach By Third Party
On May 26, 2021, Progrexion ASG, Inc. reported to the Oregon Attorney General’s office that they had experienced a data breach.
Submitted Breach Information
Organization Name: Progrexion ASG, Inc.
Reported Date: 5/26/2021
Date of Breach: 3/5/2021
Discovery of Breach: Thursday, April 8, 2021
Progrexion, a credit-repair company located at 257 East 200 South, Salt Lake City, Utah 84111, advised of an incident that may involve unauthorized access to personal information of individuals in their database.
UPDATE: On June 16, Progrexion started sending letter notices to individuals throughout the United States whose data where accessed by an unauthorized third party. Many of these individuals seem unaware of the existence of Progrexion and were taken aback that their personal details were in a database owned by a company they did not recognize.
According to Progrexion, the company first discovered search patterns on April 8, 2021, that indicated a malicious third-party was using Progrexion’s public-facing platforms to request certain information to help individuals decide if Progrexion’s assistance is required. While the information the malicious third-party obtained did not include social security number or any passwords or access codes to accounts that individuals maintain, it appears that the malicious third-party may have already possessed this or similar information about individuals from some source other than Progrexion. The malicious third-party used this information to access Progrexion’s public-facing platforms to possibly view individuals’ FICO score, account number or institution identity (e.g., name of a bank) and limited details about that account (e.g., if any payments were late).
WHAT INFORMATION WAS INVOLVED?
The information that was potentially involved in the Incident may have included individuals’ FICO score, account numbers or institution identity (e.g., name of a bank) and limited details about that account (e.g., if any payments were late, balances and the like).
According to Progrexion, the third party did not access from Progrexion individuals’ Social Security number or any passwords or access codes to accounts that individuals maintain.
Progrexion’s consumer brands include Lexington Law, CreditRepair.com, and credit.com.