GreenSky, LLC has reported a data breach involving unauthorized access to customer information through a vulnerability in a third-party application. The breach has affected at least 14 individuals and involved sensitive personal data.
GreenSky’s Data Breach Investigation
GreenSky, LLC, a financial services company based in Alpharetta, Georgia, recently disclosed a data breach that may have compromised the personal information of certain customers. The company, operating under Magenta Holdco GP, LLC, became aware of a potential security issue on August 21, 2025, linked to the Salesloft Drift application used in conjunction with Salesforce, a widely-used cloud-based CRM platform.
Salesloft notified GreenSky on August 29, 2025, that its systems may have been affected by unauthorized access. In response, GreenSky initiated a thorough internal investigation. Findings revealed that between August 13 and August 18, 2025, unauthorized actors gained access to several customer-related databases. The scope of accessed data and the individuals impacted were not immediately clear, prompting a detailed review to determine the full extent of the exposure.
The investigation concluded that personal data, including names and Social Security numbers, had potentially been exposed. GreenSky responded promptly by securing the affected systems, informing federal law enforcement, and implementing enhanced security protocols. As a precautionary measure, GreenSky is offering two years of complimentary credit monitoring through Cyberscout, a TransUnion company, to those affected.
GreenSky emphasized its commitment to protecting consumer data and is actively working to bolster its cybersecurity infrastructure. The company also began notifying state and federal regulators and the three major credit bureaus. As of October 29, 2025, written notifications have been sent to 14 impacted residents in New Hampshire. While the current number appears limited, the breach underscores the broader risks tied to third-party software vulnerabilities and the importance of ongoing vigilance in data protection practices.
When Did This Breach Occur?
GreenSky confirmed that the unauthorized access occurred between August 13, 2025, and August 18, 2025. The breach was initially identified on August 21, 2025, with further confirmation and detail provided on August 29, 2025. Notification letters were sent to affected individuals on or about October 29, 2025.
What Information Was Breached?
- Full name
- Social Security number
What You Can Do
If you believe you may be impacted by this breach, it is essential to take immediate steps to protect your personal and financial information:
- Enroll in the free credit monitoring and identity theft protection services offered by GreenSky through Cyberscout.
- Place a fraud alert on your credit file by contacting one of the three major credit bureaus.
- Consider placing a security freeze on your credit to prevent unauthorized access.
- Monitor your bank, credit card, and other financial statements regularly for unusual activity.
- Obtain your free annual credit reports from AnnualCreditReport.com and review them for discrepancies.
- Report any suspected identity theft to the Federal Trade Commission (FTC) at IdentityTheft.gov.
If you have received a notification from GreenSky or believe your information was compromised, don’t stand alone. Join the class and learn your rights. Contact Class Action U to find out what legal options may be available to you.
