STERLING, Ill., Oct. 18,
2024 /PRNewswire/ --
WHAT HAPPENED?
RRCA Accounts Management, Inc. ("RRCA"), a full-service
collection agency, experienced a security incident from a
ransomware attack from the Play threat actors on June 6, 2024, and immediately stopped the
intrusion on June 7, 2024. A
cybercriminal illegally attacked a limited part of our systems
without permission. We then immediately hired expert third parties
to commence a forensic investigation of the security incident. The
initial investigation showed that the majority records accessed
were not personal information. However, we learned through ongoing
forensic investigatory efforts that there was a full release
of our clients' customers' personal information on
August 20, 2024, leading to this
notification. We then did a thorough investigation to identify
those consumers whose information was impacted.
WHAT INFORMATION WAS INVOLVED?
RRCA informed its clients, health
care providers or other business
companies for which data is collected regarding
outstanding payments, about this event and what customer personal
information may have been accessed. The personal information
that may have been accessed by a third party includes contact
information (such as name, address, date of birth, phone number and
email) and one or more of the following:
- Social security number or taxpayer ID
- Driver's license number
- Passport number
- Telephone number
- Health insurance information
- Health data, such as medical record numbers and places of
treatment and doctors
- Health payment information such as billing and insurance claims
and payment card and account numbers
- Username or IP address
- Potentially some demographic information, such as gender,
religious views or race
The data that was accessed was not the same for each person and does not always include all the above data
elements.
WHAT ARE WE DOING?
RRCA has been diligently working with law enforcement and
forensic investigators to conduct a thorough review of the
potentially affected data. RRCA has implemented additional
organizational, technical and administrative security measures to
prevent the reoccurrence of such a breach and to protect the
privacy of its clients.
WHAT CAN CONSUMERS IMPACTED DO?
RRCA is sending out notifications to impacted customers of its
clients so that action can be taken which will assist to minimize
or eliminate potential harm. It is strongly advised that preventive
measures be taken to help prevent and detect any misuse of
information.
To help protect affected individuals, RRCA
has retained CyEx, a specialist in identity theft prevention
to provide credit monitoring services and identity theft services,
free of charge.
As a first step, it is
recommended to monitor financial and health
accounts for any unauthorized activity and
promptly contacting
the appropriate financial institution or health
insurance carrier if detected.
To further protect from the possibility of identity theft, it is
also recommended that fraud alerts are placed with
each of the three credit bureaus – Equifax, Experian, and
TransUnion. A fraud alert will make it harder for a
new credit account to be opened, as the business must verify
identity before it issues new credit. A fraud alert
should not stop the use of existing credit cards or other accounts,
but it may slow down the ability to get new credit. An initial
fraud alert is valid for ninety (90) days. To place a
fraud alert on credit reports, contact one of the
three major credit reporting agencies at the appropriate number
listed below or via their website. One agency will notify the other
two on your behalf. Letters will then be sent from the agencies
with instructions on how to obtain a free copy of the credit report
from each.
- Equifax (888) 766-0008 or www.fraudalert.equifax.com
- Experian (888) 397-3742 or www.experian.com
- TransUnion (800) 680-7289 or www.transunion.com
Even if no suspicious activity is detected on the initial credit
reports, the Federal Trade Commission (FTC) recommends checking
credit reports periodically. Checking credit reports periodically
can help spot a problem and address it quickly.
WHO TO CALL OR CONTACT
WITH QUESTIONS?
If there are further
questions or concerns, please contact the RRCA
Accounts Management Team at this special telephone number
1-855-277-4799, Monday through Friday, 9:00
a.m. to 9:00 p.m., Eastern Time, except holidays.
View original
content:https://www.prnewswire.com/news-releases/rrca-accounts-management-inc-reports-ransomware-attack-and-data-breach-302280547.html
SOURCE RRCA Accounts Management, Inc.