Progressive Leasing, a billion-dollar company that allows people to lease consumer products, announced a cyberattack last week.
In a statement to Recorded Future News, the company said it has seen no “major” operational impacts to its services as a result of the attack but noted that it is still investigating what happened.
“Progressive Leasing recently experienced a cybersecurity incident affecting certain Progressive Leasing systems. Promptly after detecting the incident, we engaged leading third-party cybersecurity experts and launched an investigation,” a spokesperson said.
“Our team is working diligently alongside our cybersecurity experts and with law enforcement to investigate and respond to this incident … The investigation into the incident, including identification of the data involved, remains ongoing.”
The Salt Lake City-based company has dozens of partnerships with major retailers like Best Buy, Samsung, Cricket, Lowe’s, Zales, Overstock, Dell and more. They are one of the biggest lease-to-own companies in operation and are part of a larger corporation — PROG Holdings — that offers “buy now, pay later” options.
On Thursday, the corporation reported the cyberattack to regulators at the SEC, writing that it “believes the involved data contained a substantial amount of personally identifiable information, including social security numbers, of Progressive Leasing’s customers and other individuals.”
“Progressive Leasing will provide notice to those individuals whose personally identifiable information was involved in the incident, as well as to regulatory authorities, in accordance with applicable laws,” it said.
“The Company has incurred, and may continue to incur, significant expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by the Company’s cybersecurity insurance, has not been determined.”
The company’s chief financial officer added that they do not expect there to be a financial fallout from the attack as a result of limited operations — unlike cleaning giant Clorox, which reported to the SEC…