Modernizing Authentication — What It Takes to Transform Secure Access
Loan and check cashing company PLS Financial Services recently began notifying an undisclosed number of customers that their names, addresses, e-mail addresses and Social Security numbers may have been exposed as a result of a programming error (h/t DataBreaches.net).
"We learned on July 26, 2013 from the company that operates our Web site that their recent programming change inadvertently allowed access by a certain segment of site visitors to a restricted part of the site," PLS information security officer G. Clinton Heyworth wrote in the notification letter [PDF]. "From the time the change was made on July 11 until it was fixed two weeks later, only 34 site visitors could have accessed the restricted part of the site."
Because the company can't rule out the possibility that the restricted portion of the site may have been accessed, all those affected are being offered one free year of identity protection services from Experian's ProtectMyID Alert.
"We deeply regret any inconvenience this may cause you," Heyworth wrote. "Please be assured that we are taking steps to enhance our security measures to prevent something like from happening in the future."