Results 1 to 25 of 51
Hybrid View
-
06-03-2024, 12:06 PM #1
- Join Date
- Dec 2015
- Location
- Costa Mesa
- Posts
- 234
Centrex Software Security Incident
DailyFunder Community,
I have always maintained transparency in all my posts about Centrex Software and our service to the alternative corporate finance community. We are dedicated advocates of the entire corporate finance space and operate our business with the utmost integrity. We deeply value our relationships with each of our clients, vendors, and partners.
We want you to hear from us directly before any false rumors or claims circulate within the industry. On May 21, 2024, Centrex Software became aware of a vulnerability within our service provider's system that was exploited by an unidentified, unauthorized party, potentially allowing access to client documents stored in our service provider's systems. We immediately worked with our service provider as they launched their incident response protocol to investigate the incident’s details, including to identify the responsible party, confirm the root cause, and verify the type of data that may be involved. They were able to successfully resolve the vulnerability by 5:45pm CST on May 21, 2024.
Currently, our team is focused on a comprehensive analysis to ensure we understand the full scope and nature of the incident. This analysis is augmented by external cybersecurity specialists at Kroll, SureFire Cyber, and our outside counsel. The FBI has been notified of this incident and we are making progress in determining who may be responsible for these actions. We fully intend to prosecute those involved in this egregious act.
While the immediate security concern has been addressed, we are taking steps to prevent future occurrences. We will share additional information as it becomes available, including any updates from law enforcement, and we will provide guidance on our customer and consumer notification process once our investigation is complete.
We will update the following FAQ with new information as it becomes available.
What was the issue identified?
We identified that code in a legacy client portal exposed a vulnerability in which an unauthorized third-party exploited client documents. It was discovered and patched on May 21, 2024. We are working closely with our cybersecurity specialists to confirm these details.
Why am I just being notified now on June 3rd 2024?
Our service provider's incident response protocol is a strict process and takes time to make sure Centrex Software customers are aware of the facts.
Was this ransomware?
No, this is not a ransomware incident.
Who is your service provider?
Set Forth, Inc. (“Forth”) provides the intellectual property and maintenance services for the Centrex Software platform. We are working closely with them to investigate this incident.
How did Centrex respond?
We engaged legal counsel and cyber forensics quickly upon discovery in accordance with our policies. We preserved all available logs for analysis, as well as requesting logs from our third-party providers.
What information was involved?
Our investigation into the incident remains ongoing. Once the investigation is complete, and if our review determines any customer or personal information is involved, we will notify the appropriate parties in accordance with our legal obligations and state and Federal law. We understand the importance of this information and will ensure that this process is carried out as quickly and efficiently as possible.
Who can we contact if we have more questions?
All questions concerning the incident should be submitted to incidents@centrexsoftware.com. We will respond to each question as soon as we can and appreciate your patience and understanding through this process.
We work hard every day to provide our clients a secure, reliable system, and to operate our business with the utmost integrity and transparency. We welcome any questions or comments you may have, and we remain committed to delivering on our promises to you.
Kind Regards,
Trey Markel
VP Sales & Marketing
(888) 622-5810
www.CentrexSoftware.com
-
06-03-2024, 01:01 PM #2
- Join Date
- Mar 2014
- Location
- Florida
- Posts
- 2,993
Thank you for the info
You are not alone - https://www.foxnews.com/tech/android...teal-your-dataLast edited by Yankeeman07; 06-03-2024 at 01:06 PM.
Dave Lambert, Business Development
dave@fcbankcard.com
Merchant Services Consultant
High Risk Merchant Payment Solutions
SBA 7(a) Loans & Short-Term Funding
T/VM: 727-291-7890
Office: 727-233-1111
Skype: fc-financial
-
06-03-2024, 04:24 PM #3
- Join Date
- Apr 2019
- Posts
- 7
Centrex
I appreciate the transparency and accountability. I've used Centrex Software for over 7 years and have seen the dedication that the team puts into both their tech's security as well as the integrity of the Centrex team to know that my data is always safe. The largest tech companies in the world have data breaches. It's been refreshing to see how the Centrex team has prioritized making sure that the vulnerability was fixed as quickly as possible and for taking such accountability.
-
06-04-2024, 09:23 AM #4
- Join Date
- Aug 2020
- Posts
- 148
The amount of voided checks and SSNs on Centrex means this incident could be catastrophic. When do we get more information on what was stolen and who was involved? (yes I'm a Centrex user).
-
06-04-2024, 02:46 PM #5
- Join Date
- Apr 2021
- Posts
- 54
Wow this is some serious stuff. First time Centrex is openly admitting a data leak.. For years people have been speculating this.
I wonder if this was a rogue employee that was selling leads to brokers? Makes you wonder. Hopefully they're able to resolve this and never have issues like this in the future. A lot of data being stored on Centrex.
Do we have any more updates?
-
06-04-2024, 02:51 PM #6
- Join Date
- Mar 2024
- Posts
- 253
Curious if it will be made available who was impacted (funders names etc). This would in theory be relevant to all brokers as we may have had our files accessed where we fund our deals. Curious to hear updates, this seems rather serious.
-
06-04-2024, 03:07 PM #7
I’ve worked with centrex for many years and never had any issues whatsoever. Target had a data breach and I still shop there. Experian had a data breach and I still use their services.
Every software has had **** happen — just chill out and keep funding.Zachary Ramirez – CEO
Phone: 562-391-7099
Email: zach@zacharyjosephramirez.com
1661 N. Raymond Ave #265
Anaheim CA 92801
-
06-04-2024, 03:09 PM #8
- Join Date
- Mar 2024
- Posts
- 253
-
06-04-2024, 04:51 PM #9
- Join Date
- Feb 2019
- Location
- FL
- Posts
- 99
There is probably a high likelihood that whoever perpetrated the hack has no idea what the value of the data is or where to sell it. Your best odds over here would be keep an eye out if you see this information surfacing as leads for sale.
If you feel like that's the case, you may consider sending out an email to your merchants notifying them about the breech and let them know to ignore all calls, emails etc.
This may be a bit tough as this is an industry that merchants already get a ton of calls and work with a ton of brokers...
-
06-04-2024, 04:53 PM #10
- Join Date
- Mar 2024
- Posts
- 253
-
06-05-2024, 09:41 AM #11
- Join Date
- Aug 2020
- Posts
- 148
I think the risk is a lot worse than having your deals being sold as leads. The risk is that the "hacker" now has the ability to steal these merchant's identities, and possibly directly steal funds using the information they just accessed. I agree that people should look out for fraudulent leads and calls, but also keep an eye out for an increase in frozen accounts in the future as a result of fraud.
Of course we still don't know who the perpetrator is or their intentions. Hopefully we'll get more info soon. Also, some of you may not care because you're a broker and don't have long term financial relationships with these merchants, but some of us have millions tied up in these businesses and in the Centrex system. A merchant doesn't know who or what Centrex is, they just know that the funder they used got hacked and are the ones responsible for their stolen identity.
-
06-05-2024, 01:12 PM #12
- Join Date
- Mar 2015
- Location
- Boynton Beach
- Posts
- 3,508
Kevin Henry
VP-Business Development
Seacoast Business Funding, a division of Seacoast Bank
561-850-9346
Kevin.Henry@SeacoastBF.com
1880 N Congress Ave., Suite 404
Boynton Beach, FL 33426
-
06-06-2024, 11:25 AM #13
- Join Date
- Mar 2014
- Location
- Florida
- Posts
- 2,993
No Industry is Immune from Attacks
https://ien.formstack.com/forms/indu...breach_podcastDave Lambert, Business Development
dave@fcbankcard.com
Merchant Services Consultant
High Risk Merchant Payment Solutions
SBA 7(a) Loans & Short-Term Funding
T/VM: 727-291-7890
Office: 727-233-1111
Skype: fc-financial
-
06-14-2024, 10:12 AM #14
- Join Date
- Apr 2021
- Posts
- 54
Do we have any updates here? A recent lawsuit was just filed of someone suing Centrex for backdooring data.
https://fintalknow.com/centrex_lawsuit
-
06-14-2024, 10:37 AM #15
- Join Date
- Jun 2015
- Posts
- 3,326
-
06-14-2024, 11:52 AM #16
- Join Date
- Mar 2024
- Posts
- 253
welp...
-
06-14-2024, 06:24 PM #17
- Join Date
- Dec 2015
- Location
- Costa Mesa
- Posts
- 234
On June 3rd 2024, we announced to the community and to Centrex Software customers that our service provider had a vulnerability that was exploited by a criminal third party.
Since that time, an article and a lawsuit suggest that Centrex and its service provider are the source of this data incident, and that Centrex and its service provider participate in a common industry practice of “backdooring” or buying and selling customer data. Neither Centrex nor its service provider have evidence or reason to believe that the data was accessed and/or released by any person within its organizations. Nor does Centrex or its service provider ever buy or sell customer data or information in any way.
The two forensic cyber security firms that our service provider is working with are at the tail end of their investigation.
I would also recommend looking at the very next article on the homepage of fintalknow.com, as it clearly represents the true problem within the alternative corporate finance sector as it relates to data and document theft.
https://fintalknow.com/lead_source
Cheers,
Trey Markel
VP Sales and Marketing
(888) 622-5810
tmarkel@centrexsoftware.com
www.centrexsoftware.com
-
06-14-2024, 09:46 PM #18
- Join Date
- Mar 2024
- Posts
- 253
Will be very interesting to see if some "well known" names in the MCA space are behind this. Wonder if anyone has beef with the plaintiff that also has a way to get access to things?
Following.
-
06-17-2024, 09:35 AM #19
- Join Date
- Aug 2020
- Posts
- 148
The real interesting part is that the article doesn't just quote the lawsuit verbatim. They actually claim to have additional sources identifying the people directly involved in these transactions. This is the beginning of a potential criminal case if there's any truth to it.
-
06-17-2024, 01:39 PM #20
- Join Date
- Apr 2021
- Posts
- 54
-
06-17-2024, 04:23 PM #21
- Join Date
- Jun 2015
- Posts
- 3,326
-
06-17-2024, 08:28 PM #22
- Join Date
- Mar 2014
- Location
- Florida
- Posts
- 2,993
C:\Users\Administrator>ping www.fintalknow.com
Pinging www.fintalknow.com [44.205.157.68] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 44.205.157.68:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\Administrator>Dave Lambert, Business Development
dave@fcbankcard.com
Merchant Services Consultant
High Risk Merchant Payment Solutions
SBA 7(a) Loans & Short-Term Funding
T/VM: 727-291-7890
Office: 727-233-1111
Skype: fc-financial
-
06-17-2024, 08:32 PM #23
- Join Date
- Mar 2014
- Location
- Florida
- Posts
- 2,993
Address
150 SE 2nd Ave
Miami FL 33131
Contact
team@fintalknow.com
305-204-7360Dave Lambert, Business Development
dave@fcbankcard.com
Merchant Services Consultant
High Risk Merchant Payment Solutions
SBA 7(a) Loans & Short-Term Funding
T/VM: 727-291-7890
Office: 727-233-1111
Skype: fc-financial
-
06-23-2024, 03:17 PM #24
- Join Date
- May 2024
- Posts
- 3
I know an mca company based at the address that was pinged
-
06-17-2024, 02:31 PM #25
- Join Date
- Dec 2015
- Location
- Costa Mesa
- Posts
- 234
Just curious.....does anyone know who owns or runs the fintalknow.com website?
I consider myself a professional, seasoned marketer in the fintech space and I have never heard of this website until someone sent me the article on Centrex last week. I was never called or emailed for a comment or an interview which is standard practice when writing such articles.
Thoughts?
Cheers,
Trey Markel
VP Sales and Marketing
(888) 622-5810
tmarkel@centrexsoftware.com
www.centrexsoftware.com
Similar Threads
-
Easify Software is looking for an experienced sales rep to sell the best MCA Software
By AdamSchwartz in forum Help WantedReplies: 10Last Post: 05-28-2024, 09:54 PM -
MCA software - LendSaas vs Centrex
By BIG in forum Financial ServicesReplies: 5Last Post: 04-26-2023, 01:09 PM -
Centrex Software is Launching New Tech Next Week
By treymarkel in forum Merchant Cash AdvanceReplies: 0Last Post: 12-03-2021, 12:21 PM -
Shout Out to Centrex Software
By profunder in forum Financial ServicesReplies: 0Last Post: 12-15-2020, 02:58 PM -
Centrex Software
By Triton in forum Everything elseReplies: 3Last Post: 03-12-2019, 04:31 PM