Page last updated on September 29, 2025
PROG Holdings, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-09-21 16:31:31 EDT.
Incident Details
Material: No
Is Breach: Yes
Records Compromised: Unknown
Data Types Impacted: Unspecified, Social Security Number
Compromised Date: Unknown
Detected Date: Unknown
Disclosure Date: 2023-09-21
Contained Date: Unknown
Recovered Date: Unknown
Attack Goal: Unknown
Attack Tactics1: No Attack Tactics Tracked (yet)
Attack Techniques1: No Attack Techniques Tracked (yet)
Costs: Not Tracked (yet)
- Incident response (Indirect): Not Tracked (yet)
- Forensics (Indirect): Not Tracked (yet)
- Third-party costs (Indirect): Not Tracked (yet)
Filings
8-K filed on 2023-09-21
PROG Holdings, Inc. filed an 8-K at 2023-09-21 16:31:31 EDT
Accession Number: 0001193125-23-239623
Item 8.01 Other Events.
PROG Holdings, Inc. (the "Company") today announced that its Progressive Leasing subsidiary ("Progressive Leasing") recently experienced a cybersecurity incident affecting certain of Progressive Leasing's systems. Promptly after detecting the incident, the Company engaged leading third-party cybersecurity experts and took immediate steps to respond to, remediate and investigate the incident. Law enforcement was also notified. There has been no major operational impact to any of Progressive Leasing's services as a result of the incident and the Company's other subsidiaries have not been impacted.
The Company's investigation into the incident, including identification of the data involved, remains ongoing. Based on preliminary findings from the Company's investigation, the Company believes the involved data contained a substantial amount of personally identifiable information, including social security numbers, of Progressive Leasing's customers and other individuals. Progressive Leasing will provide notice to those individuals whose personally identifiable information was involved in the incident, as well as to regulatory authorities, in accordance with applicable laws.
While no company can ever eliminate the risk of a cyberattack, the Company has taken, and will continue to take, appropriate steps, working with its third-party cybersecurity experts, to further harden its systems to protect against future incidents.
The Company has incurred, and may continue to incur, significant expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by the Company's cybersecurity insurance, has not been determined. Although the Company is unable to predict the full impact of this incident, the Company does not currently expect that it will have a material effect on the Company's financial condition and results of operations.
Company Information
| Name | PROG Holdings, Inc. |
| CIK | 0001808834 |
| SIC Description | Services-Equipment Rental & Leasing, NEC |
| Ticker | PRG - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |