Microf Data Breach Exposes Social Security Numbers

Microf, LLC, a financial services firm specializing in lease-to-own solutions for HVAC and water heater systems, recently experienced a significant data breach that has affected consumers in multiple states.

According to disclosures filed with the Massachusetts and New Hampshire attorney general offices, the incident was first made public on Dec. 23, 2025, and involved the exposure of sensitive personal information, including names and Social Security numbers.

The breach was the result of a ransomware attack carried out by the Qilin group, a known cybercriminal organization. On July 9, 2025, Qilin posted on their dark web portal that they had compromised Microf’s systems and obtained organizational data. The group also shared sample screenshots as proof of their claims.

In Massachusetts, 24 individuals were reported as affected, while seven were impacted in New Hampshire. The types of consumer information exposed in this breach include personally identifiable information such as names and Social Security numbers.

The severity of this breach is heightened by the involvement of a sophisticated ransomware group, the exposure of Social Security numbers, and the public posting of stolen data samples on the dark web.

Microf’s response

In the aftermath of the breach, Microf began notifying affected individuals by letter, outlining the steps taken to address the incident and protect consumers. Although there is no evidence of identity theft or fraud resulting from the event as of this writing, the company is offering 24 months of complimentary credit monitoring and identity theft protection services through Cyberscout, a TransUnion company. Affected individuals are encouraged to enroll in these services within 90 days of receiving their notification letter.

Additionally, Microf has provided instructions for placing fraud alerts or credit freezes with the major credit bureaus. Consumers are also entitled to a free annual credit report from each of the three major credit reporting agencies. The company has set up a dedicated call center to answer questions and assist those impacted by the breach.

Given the nature of the attack and the information exposed, it is recommended that affected individuals:

• Enroll in the offered credit monitoring and identity theft protection services promptly
• Monitor their credit reports and financial accounts for any suspicious activity
• Consider placing a fraud alert or credit freeze with the credit bureaus
• Report any suspected identity theft to law enforcement and their state attorney general