RRCA Accounts Management, Inc. Reports Ransomware Attack and Data Breach
WHAT HAPPENED?
RRCA Accounts Management, Inc. (“RRCA”), a full-service collection agency, experienced a security incident from a ransomware attack from the Play threat actors on June 6, 2024, and immediately stopped the intrusion on June 7, 2024. A cybercriminal illegally attacked a limited part of our systems without permission. We then immediately hired expert third parties to commence a forensic investigation of the security incident. The initial investigation showed that the majority records accessed were not personal information. However, we learned through ongoing forensic investigatory efforts that there was a full release of our clients’ customers’ personal information on August 20, 2024, leading to this notification. We then did a thorough investigation to identify those consumers whose information was impacted.
WHAT INFORMATION WAS INVOLVED?
RRCA informed its clients, health care providers or other business companies for which data is collected regarding outstanding payments, about this event and what customer personal information may have been accessed. The personal information that may have been accessed by a third party includes contact information (such as name, address, date of birth, phone number and email) and one or more of the following:
- Social security number or taxpayer ID
- Driver’s license number
- Passport number
- Telephone number
- Health insurance information
- Health data, such as medical record numbers and places of treatment and doctors
- Health payment information such as billing and insurance claims and payment card and account numbers
- Username or IP address
- Potentially some demographic information, such as gender, religious views or race
The data that was accessed was not the same for each person and does not always include all the above data elements.
WHAT ARE WE DOING?
RRCA has been diligently working with law enforcement and forensic investigators to conduct a thorough review of the potentially affected data. RRCA has implemented additional organizational, technical and administrative security measures to prevent the reoccurrence of such a breach and to protect the privacy of its clients.
WHAT CAN CONSUMERS IMPACTED DO?
RRCA is sending out notifications to impacted customers of its clients so that action can be taken which will assist to minimize or eliminate potential harm. It is strongly advised that preventive measures be taken to help prevent and detect any misuse of information.
To help protect affected individuals, RRCA has retained CyEx, a specialist in identity theft prevention to provide credit monitoring services and identity theft services, free of charge.
As a first step, it is recommended to monitor financial and health accounts for any unauthorized activity and promptly contacting the appropriate financial institution or health insurance carrier if detected.
To further protect from the possibility of identity theft, it is also recommended that fraud alerts are placed with each of the three credit bureaus – Equifax, Experian, and TransUnion. A fraud alert will make it harder for a new credit account to be opened, as the business must verify identity before it issues new credit. A fraud alert should not stop the use of existing credit cards or other accounts, but it may slow down the ability to get new credit. An initial fraud alert is valid for ninety (90) days. To place a fraud alert on credit reports, contact one of the three major credit reporting agencies at the appropriate number listed below or via their website. One agency will notify the other two on your behalf. Letters will then be sent from the agencies with instructions on how to obtain a free copy of the credit report from each.
- Equifax (888) 766-0008 or www.fraudalert.equifax.com
- Experian (888) 397-3742 or www.experian.com
- TransUnion (800) 680-7289 or www.transunion.com
Even if no suspicious activity is detected on the initial credit reports, the Federal Trade Commission (FTC) recommends checking credit reports periodically. Checking credit reports periodically can help spot a problem and address it quickly.
WHO TO CALL OR CONTACT WITH QUESTIONS?
If there are further questions or concerns, please contact the RRCA Accounts Management Team at this special telephone number 1-855-277-4799, Monday through Friday, 9:00 a.m. to 9:00 p.m., Eastern Time, except holidays.
SOURCE RRCA Accounts Management, Inc.