Cyber Incident Victim: Federal Communications Commission

On November 17, 2022, 1st Franklin Financial Corporation (1FFC) experienced a cyberattack that compromised its computer network. The company secured its systems following the attack and initiated an investigation to determine the nature and scope of the incident. The investigation confirmed that an unauthorized party accessed certain files containing consumer data stored on 1FFC's IT network. While the company did not disclose specific details about the attack methodology or discovery process, the compromised files included sensitive consumer information. Affected data elements varied by individual but encompassed names, Social Security numbers, bank account numbers with routing numbers, and information from consumer credit reports. 1FFC completed its review of the impacted files and confirmed the data exposure on an unspecified date prior to its regulatory filing.

1st Franklin Financial Corporation filed formal notice of the breach with the Montana Attorney General's office on February 14, 2023. The company began mailing individualized data breach notification letters to affected consumers on January 10, 2023, more than seven weeks after detecting the incident. These notifications confirmed the exposure of financial identifiers and credit-related information for applicants and recipients of 1FFC's consumer loan services. The Georgia-based financial institution, which operates 340 branches across multiple states, provides personal loans for purposes including auto repairs, medical expenses, and debt consolidation. The breach impacted an undisclosed number of customers who had entrusted their data during loan application processes. No information was provided regarding the total number of affected individuals, specific network vulnerabilities exploited, or whether data was exfiltrated versus merely accessed.