More than 17 million individuals were likely impacted by a data breach at peer-to-peer lending marketplace Prosper, data breach notification service Have I Been Pwned warns.
Prosper disclosed the incident last month, noting that hackers accessed its network and stole confidential, proprietary, and personal information from its systems.
According to the US-based company, the attackers queried its database containing customer information and applicant data to exfiltrate the information, but did not access user accounts.
“There is no evidence of unauthorized access to customer accounts and funds, and our customer-facing operations continue uninterrupted,” Prosper said.
The company said it had contained the incident and no unauthorized activity was observed since September 2. Law enforcement was notified of the attack.
While Prosper did not specify the type of personal information that was compromised, only noting that Social Security numbers were stolen, Have I Been Pwned has added the stolen information to its database, so that individuals can check if they have been affected.
The database, the breach notification service says, contains information pertaining to 17.6 million Prosper accounts, including names, addresses, IP addresses, email addresses, dates of birth, government IDs, employment statuses, income levels, credit statuses, and browser user agent details.
Prosper says it is still investigating the incident, noting it takes time to analyze the compromised information, determine who it belongs to, and coordinate notifications.
“We will be offering free credit monitoring as appropriate after we determine what data was affected. We continuously monitor accounts and have strong safeguards in place to protect customers’ funds,” Prosper said.
SecurityWeek has emailed Prosper for a statement on the compromised information and will update this article if the company responds.
UPDATE: Prosper has provided SecurityWeek the following statement:
We’re aware of the statement by [Troy Hunt of Have I Been Pwned] but we are not able to validate his claim. The investigation to determine what data was affected and to whom it belongs remains ongoing. We will be offering free credit monitoring as appropriate after we determine what data was affected. Resolving this incident is our top priority and we are committed to sharing additional information with our customers as appropriate.
Related: Customer Service Firm 5CA Denies Responsibility for Discord Data Breach
Related: SimonMed Imaging Data Breach Impacts 1.2 Million
Related: 1.2 Million Impacted by WestJet Data Breach
Related: 766,000 Impacted by Data Breach at Dealership Software Provider Motility
