Doxim Data Breach Impacts Identities of Credit Union Members Featured

LockBit gang claims responsibility for Doxim data breach that exposed untold numbers of Credit Union members to identity theft.

A class action lawsuit was recently filed after Doxim, a provider of customer engagement software and document solutions for regulated industries, filed notice that it was again the target of a data breach that involved the exfiltration of personal identifying information belonging to the customers of the clients it serves.

This latest breach follows a 2021 breach at the Company that involved the personal information of over 70 million individuals. The Company has not divulged how many individuals were affected by this latest data breach.

About Doxim

Doxim focuses on delivering digital transformation and customer communications management solutions to financial services and healthcare organizations. Doxim’s offerings include automated client onboarding, account opening, loan origination, and digital transaction management. Its solutions aim to enhance customer experience, streamline operations, and ensure regulatory compliance. Doxim serves a wide range of clients, including banks, credit unions, wealth management firms, and insurance companies. The company is headquartered in Canada and operates across North America.

What Happened?

According to the Notice of Security Incident posted on the Office of the Attorney General of California’s website, on December 30, 2023, Doxim identified unusual activity on the section of its computer network dedicated to credit union services. In response, Doxim claims it immediately shut down these systems, informed law enforcement, and brought in cybersecurity experts to conduct an investigation.

During this process, Doxim found that files had been taken from its network. A thorough review revealed that some of these files contained personal information. Doxim is cooperating with federal law enforcement on the criminal investigation and is collaborating with cybersecurity experts to strengthen its defenses.

According to BreachSense, LockBit, a criminal hacking organization, was responsible for the breach.

What Information was Involved?

According to the breach notice, information obtained by the hackers include –

  • name,
  • mailing address,
  • account number, and/or
  • Social Security number.

On May 31, 2024, Doxim began notifying individuals affected by the breach. However media reports suggest that at some point prior to this, Doxim began notifying at least some of its direct customers about the breach. For example, on May 29th, 2024, Tuliant, a North Carolina Credit Union reported that it was looking into a recent data breach reported by one of its old vendors. A spokesman said a third-party company – Doxim is responsible. Financial Plus Credit Union has made a similar announcement.

What is Doxim Doing to Protect My Identity?

Doxim is working with federal law enforcement and cybersecurity experts to fortify its cybersecurity defenses. It has also hired a third-party service to monitor online forums and marketplaces for related information.

As a result of the data breach, Doxim is offering 12 months of free credit monitoring and/or identity theft protection services to affected individuals.

What Can Hackers Do With My Information?

Stolen Personal Identifying Information can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cyber-criminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.

Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.

Clients affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.

If you receive a data breach notification from Doxim, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.

Protect Your Identity. Join the Doxim Data Breach Class Action.

The lawsuit alleges that Doxim breached its duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations, encrypt sensitive data, and provide adequate and timely notice of the breach.

If you receive a notification letter from Doxim, you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.

You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.

The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by Doxim on May 31, 2024.

Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you.


Leave a Reply

Your email address will not be published. Required fields are marked *