Onset Financial Data Breach Exposes SSNs, Financial Info, and More

Onset Financial Inc., a Utah-based equipment leasing and finance company, experienced a data breach on May 2, 2025, that exposed sensitive personal information. The company disclosed the breach to state regulators in December 2025 and began notifying affected individuals by mail.

According to the company's notification letters, an unauthorized party gained access to certain systems within Onset Financial's network.

The company disclosed the breach to the Massachusetts Office of Consumer Affairs and Business Regulation on Dec. 16, 2025, and to the Montana Attorney General on Dec. 12, 2025. Onset Financial began sending notification letters dated Dec. 12, 2025.

How the breach unfolded

On or about May 2, 2025, Onset Financial experienced a network security incident. An unauthorized party gained access to certain systems within the company's network.

Upon detecting the incident, the company said it took steps to secure the network environment and brought in cybersecurity experts to investigate. The investigation found that certain files may have been taken without authorization.

The electronic discovery process, which involved reviewing the impacted data to determine exactly what information was affected, concluded on Nov. 24, 2025. That review determined that personal information belonging to certain individuals was present in the compromised data set.

The company then moved to notify affected individuals.

According to the company's notification, the types of information affected may be different for each person, and not every individual had all of those elements exposed.

The types of personal information exposed in this breach include names, Social Security numbers, driver's license numbers, state identification numbers, passport numbers, financial account numbers, account access information, payment card numbers, dates of birth, addresses, credit and debit card numbers, pay stubs, W-2 tax forms, and government-issued identification cards.

The breach affected six Massachusetts residents and 11 Montana residents, according to filings with those states' regulatory offices.

Onset Financial is a leading independent equipment leasing and finance company founded in 2008 and headquartered in Draper, Utah. The company specializes in flexible leasing structures for businesses ranging from small enterprises to Fortune 500 companies. It has funded over $8 billion in equipment finance transactions, according to its website.

What Onset Financial is doing in response

In its notification letters, Onset Financial stated that it has reviewed its technical safeguards and implemented enhanced security measures to prevent a similar incident from occurring in the future. The company also said it has restored affected systems and taken steps to strengthen its network security.

Additionally, the company said it has reviewed and enhanced its policies and procedures relating to the security of its systems, as well as its information life cycle management.

Onset Financial is offering affected individuals complimentary credit monitoring, credit reports and credit score services through Cyberscout, a TransUnion company. The length of the monitoring varies depending on the individual. Some affected individuals are receiving 24 months of triple-bureau credit monitoring, according to one version of the notification letter, while others are receiving 12 months of monitoring.

These services provide alerts when changes occur to an individual's Experian, Equifax or TransUnion credit files. Enrollment must be completed within 90 days from the date of the letter.

The company has also set up a dedicated help line at 1-800-405-6108. Representatives are available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time, excluding holidays.

Steps to take if your information was exposed

If you received a notice from Onset Financial, Inc. or believe you may have been affected, there are important steps you can take to protect yourself:

• Enroll in the complimentary credit monitoring and identity theft protection services offered by Onset Financial, Inc. through Cyberscout. These services provide alerts for changes to your credit file and proactive fraud assistance.
• Place a security freeze on your credit reports with each of the three major credit bureaus (Equifax, Experian, TransUnion) to prevent new accounts from being opened in your name.
• Place a fraud alert on your credit file, which requires creditors to take extra steps to verify your identity before issuing credit.
• Obtain your free annual credit reports and review them for any unauthorized activity.
• Remain vigilant by monitoring your financial accounts and credit reports for suspicious activity.
• If you suspect identity theft, you have the right to file a police report and obtain a copy of it. You can also report suspected identity theft to your state Attorney General or the Federal Trade Commission.