Cyber Incident Victim: Snap Finance, LLC
Date:
Dec 2022
Location:
United States of America
Summary
A data breach at Snap Finance exposed sensitive consumer information after an unauthorized party accessed the company's computer network. Compromised data included names, addresses, Social Security numbers, government-issued identification numbers, and financial account details. The company identified affected individuals through file reviews and issued notification letters to victims, with Texas authorities confirming at least 6,733 impacted residents in the state. The Utah-based financial services provider specializes in alternative credit options for consumers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 5, 2022, Snap Finance, LLC and Snap RTO, LLC filed a data breach notice with the Texas Attorney General after discovering unauthorized access to confidential consumer information stored on their computer network. The breach exposed sensitive personal and financial data, including names, addresses, Social Security numbers, government-issued identification numbers, and financial account information. Upon detecting the security incident, Snap Finance initiated a review of affected files to identify compromised information and impacted consumers. The company determined that the unauthorized party—described as likely a hacker—gained access by bypassing Snap Finance's data security systems. While the specific timeline of the intrusion and discovery wasn't disclosed, Snap Finance completed its review and mailed data breach notification letters to all affected individuals on December 5, 2022. The Texas Attorney General's breach reports indicated 6,733 affected consumers in Texas alone, though the total number of victims nationwide remains unspecified in available reports.
Snap Finance specializes in providing lease-to-own agreements, installment loans, and credit lines up to $5,000 for consumers with limited traditional credit options, operating since 2012 from West Valley City, Utah. The compromised information varied by individual but consistently involved high-risk identifiers that increase victims' susceptibility to identity theft and financial fraud. The company did not publicly post a breach notice on its website despite regulatory filings, limiting available details about attack vectors or containment measures. No operational disruptions or system outages were mentioned in the notification. With 664 employees and approximately $139 million in annual revenue, Snap Finance's breach exposed fundamental consumer data provided during loan applications or lease agreements through its platforms. The incident represents a significant compromise of financial identity information for vulnerable borrowers who relied on the company's specialized credit services.