Debt Collection Firm Leaks Personal Data Of Over 160,000 In Cyber Security Failure

US debt collection agency Century Financial Services said the data security incident it suffered last year compromised the sensitive personal data of more than 160,000 individuals.

Headquartered in Huntingdon, Pennsylvania, Next Level Finance Partners, doing business as Century Financial Services is a debt collection agency that specialises in purchasing and collecting overdue accounts.

In a data security incident filed with the Office of Maine Attorney General, Century Support Services said that on November 7, an unauthorised third party gained access to its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

Century Support Services also took steps to contain the incident including taking its affected systems offline and notified relevant law enforcement authorities about the same.

“After an extensive forensic investigation and manual document review, we discovered on or about May 30, 2025, that one or more of the files potentially accessed or acquired by the unauthorised party contained personal information,” Century Support Services said.

The compromised data included names, dates of birth, Social Security Numbers, driver’s license and state identification numbers, medical information, health insurance information, passport numbers, financial account information, and digital signature.

The filing with the Maine state regulator also states that the company has identified at least 160,759 individuals impacted by the incident.

While Century Support Services found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Century Support Services. The debt collection agency also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.