{
	"id": "251428fc-722a-45b0-ba22-8949839629f0",
	"created_at": "2026-04-06T00:11:25.406805Z",
	"updated_at": "2026-04-10T03:29:39.999732Z",
	"deleted_at": null,
	"sha1_hash": "76760829afd5cb1a0220d695dc8ceea23ba9b5bd",
	"title": "Product leasing giant warns that sensitive information was stolen during cyberattack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 69855,
	"plain_text": "Product leasing giant warns that sensitive information was stolen\r\nduring cyberattack\r\nBy Jonathan Greig\r\nPublished: 2023-09-25 · Archived: 2026-04-05 17:42:11 UTC\r\nProgressive Leasing, a billion-dollar company that allows people to lease consumer products, announced a\r\ncyberattack last week.\r\nIn a statement to Recorded Future News, the company said it has seen no “major” operational impacts to its\r\nservices as a result of the attack but noted that it is still investigating what happened.\r\n“Progressive Leasing recently experienced a cybersecurity incident affecting certain Progressive Leasing systems.\r\nPromptly after detecting the incident, we engaged leading third-party cybersecurity experts and launched an\r\ninvestigation,” a spokesperson said.\r\n“Our team is working diligently alongside our cybersecurity experts and with law enforcement to investigate and\r\nrespond to this incident … The investigation into the incident, including identification of the data involved,\r\nremains ongoing.”\r\nThe Salt Lake City-based company has dozens of partnerships with major retailers like Best Buy, Samsung,\r\nCricket, Lowe's, Zales, Overstock, Dell and more. They are one of the biggest lease-to-own companies in\r\noperation and are part of a larger corporation — PROG Holdings — that offers “buy now, pay later” options.\r\nOn Thursday, the corporation reported the cyberattack to regulators at the SEC, writing that it “believes the\r\ninvolved data contained a substantial amount of personally identifiable information, including social security\r\nnumbers, of Progressive Leasing’s customers and other individuals.”\r\n“Progressive Leasing will provide notice to those individuals whose personally identifiable information was\r\ninvolved in the incident, as well as to regulatory authorities, in accordance with applicable laws,” it said.\r\n“The Company has incurred, and may continue to incur, significant expenses to respond to, remediate and\r\ninvestigate this matter. The full scope of the costs and related impacts of this incident, including the extent to\r\nwhich these costs will be offset by the Company’s cybersecurity insurance, has not been determined.”\r\nThe company’s chief financial officer added that they do not expect there to be a financial fallout from the attack\r\nas a result of limited operations — unlike cleaning giant Clorox, which reported to the SEC last week that it was\r\nfacing production issues after a cyberattack.\r\nCybersecurity expert Dominic Alvieri said the AlphV/Black Cat ransomware gang took credit for the attack on\r\nFriday, adding the company to its leak site and claiming to have stolen the personal information of more than 40\r\nmillion customers.\r\nhttps://therecord.media/product-leasing-giant-progressive-ransomware\r\nPage 1 of 2\n\nThe ransomware gang caused international headlines last week with its attack on MGM Resorts — an incident\r\nthat is still causing widespread problems across Las Vegas.\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/product-leasing-giant-progressive-ransomware\r\nhttps://therecord.media/product-leasing-giant-progressive-ransomware\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/product-leasing-giant-progressive-ransomware"
	],
	"report_names": [
		"product-leasing-giant-progressive-ransomware"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434285,
	"ts_updated_at": 1775791779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/76760829afd5cb1a0220d695dc8ceea23ba9b5bd.pdf",
		"text": "https://archive.orkl.eu/76760829afd5cb1a0220d695dc8ceea23ba9b5bd.txt",
		"img": "https://archive.orkl.eu/76760829afd5cb1a0220d695dc8ceea23ba9b5bd.jpg"
	}
}