Doxim Data Breach Exposed These Types of Sensitive Personal Info

Doxim, Inc., a customer communications management and engagement technology provider, recently experienced a significant data breach that exposed sensitive personal information of thousands of individuals. The breach occurred on December 25, 2023, and December 30, 2023, when unauthorized access was detected within the portion of Doxim’s computer network supporting its credit union services.

Upon investigation, it was discovered that files containing personal data had been removed from the company’s systems. The breach affected at least 18,080 individuals in Texas alone, according to a disclosure filed with the Texas Attorney General's Office. The breach was also disclosed to the California Attorney General's Office.

The stolen data included the following types of consumer information:

• Full name
• Mailing address
• Account number
• Social Security number
• Financial information, such as credit or debit card numbers

While Doxim has stated that there is no evidence of misuse of the stolen data so far, the severity of the breach lies in the exposure of highly sensitive personal and financial information, which could be exploited for identity theft or financial fraud.

Doxim, Inc.'s Response

Doxim responded promptly to the breach by taking the affected systems offline and engaging cybersecurity experts to investigate the incident. The company also notified federal law enforcement and is actively supporting their criminal investigation into the matter.

To protect affected individuals, Doxim has partnered with Kroll, a leader in identity protection services, to offer 12 months of complimentary credit monitoring and identity theft protection. The services include single-bureau credit monitoring, fraud consultation, identity theft restoration, and up to $1 million in identity fraud loss reimbursement. Affected individuals have been sent notifications via U.S. Mail with instructions on how to activate these services.

Additionally, Doxim has implemented measures to strengthen its cybersecurity defenses and is working with third-party services to monitor online forums and marketplaces for any signs of misuse of the stolen data.

Steps to take if you are affected by the data breach

If you have been notified that your information was part of the Doxim data breach, it is important to take immediate action to protect yourself. Here are the steps you should follow:

1. Activate credit monitoring services: Use the instructions provided in the notification letter to activate the free credit monitoring and identity protection services offered by Kroll.
2. Review your credit reports: Obtain a free copy of your credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) through AnnualCreditReport.com. Look for any unfamiliar accounts or transactions.
3. Place a fraud alert or security freeze: Contact one of the credit bureaus to place a fraud alert on your credit file, which will make it harder for identity thieves to open accounts in your name. Alternatively, you can place a security freeze on your credit report to prevent any new credit inquiries.
4. Monitor your financial accounts: Regularly check your bank and credit card statements for unauthorized transactions. Report any suspicious activity to your financial institution immediately.
5. Be cautious of phishing attempts: Scammers may attempt to exploit the breach by sending fraudulent emails or phone calls pretending to be from Doxim or financial institutions. Avoid clicking on suspicious links or providing personal information over the phone.
6. Obtain an IRS Identity Protection PIN: To prevent fraudulent tax filings, consider requesting an Identity Protection PIN from the IRS. Visit the IRS website for more information.
7. Stay informed: Keep an eye out for further updates from Doxim regarding the breach and any additional protective measures they may implement.