Industrial Acceptance Corporation this week confirmed it notified 79,216 people of a February data breach that compromised names, Social Security numbers, and driver’s license numbers.
IAC says a ransomware group called Inc was responsible for the breach. Inc never listed IAC on the cybercriminal gang’s data leak site. However, in March 2025, another ransomware group called Akira took credit for an attack on IAC. Akira says it stole 60 GB from the company.
IAC has not acknowledged Akira’s claim and Comparitech cannot independently verify it. We do not know how attackers breached IAC, if IAC paid a ransom, or how much either ransomware group demanded. Comparitech contacted IAC for comment and will update this article if it replies.
“On February 24, 2025, IAC became aware of unauthorized activity in its network. In response, we took our systems offline until we could safely restore our operations,” says IAC’s notice to breach victims.
“It was later determined that IAC experienced a ransomware event claimed by the group, INC. On or around March 4, 2025, IAC learned that certain files were
taken from its network by the unauthorized actor. ”
IAC is offering breach victims whose SSN was compromised 12 months of credit monitoring through Cyberscout. The deadline to enroll is 90 days from the date on the notice letter.
Who is Inc?
Inc is a ransomware group that first surfaced in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software. Once infected, Inc’s malware both steals data and locks down computer systems until a ransom is paid to unlock them.
Inc has claimed responsibility for 783 ransomware attacks in total. Of those, 190 were confirmed by the organizations that Inc targeted. Eight of Inc’s confirmed attacks hit finance companies. In addition to IAC, they include:
- Ingo Money notified 2,200 people of a November 2023 data breach
- Elemetal notified 13,608 people of an August 2023 data breach
- Pantana Accounting & Tax notified 4,139 people of a February 2024 data breach
- National Boat Owners Association notified 3,580 people of a May 2025 data breach
- Potts, Steele & White reported a July 2025 data breach
- Evolve Mortgage Services notified 6,663 people of a September 2025 data breach
- Beacon Mutual Insurance Company notified 144,616 people of a January 2026 data breach
In 2026 to date, Inc has taken credit for 203 attacks, 23 of which have been confirmed.
Ransomware attacks on US finance
Comparitech researchers logged 69 confirmed ransomware attacks on US finance companies in 2025. Those attacks compromised 1.5 million personal records.
In 2026 so far, we’ve recorded nine confirmed attacks that collectively leaked more than 147,000 personal records.
Other such recent attack claims include:
- Starr Insurance reported a November 2025 data breach claimed by Akira
- MemberSource Credit Union notified 22,353 people of a June 2025 data breach claimed by SafePay
- Time Equities reported an October 2025 data breach claimed by Payouts King
- American Lending Center notified 123,158 people of a July 2025 ransomware attack
- Hawaii Employers’ Mutual Insurance reported a February 2026 data breach claimed by LeakedData and Silent Ransom Group
- US Tiger Securities notified 26,985 people of a July 2025 ransomware attack
- Loop Capital reported a February 2026 data breach claimed by Chaos
Ransomware attacks can both steal data and lock down computer systems. Once infected, the attacker then demands a ransom to delete stolen data and restore systems. Companies that refuse to pay can face extended downtime, permanent data loss, and putting customers at increased risk of fraud.
About Industrial Acceptance Corporation
Based in New Haven, CT, Industrial Acceptance Corporation is an auto financing company that serves the New England area. It does business with more than 1,000 auto dealers, according to its website.