WHAT HAPPENED?
RRCA Accounts Management, Inc. (“RRCA”), a full-service collection agency, experienced a security incident from a ransomware attack from the Play threat actors on June 6, 2024, and immediately stopped the intrusion on June 7, 2024. A cybercriminal illegally attacked a limited part of our systems without permission. We then immediately hired expert third parties to commence a forensic investigation of the security incident. The initial investigation showed that the majority records accessed were not personal information. However, we learned through ongoing forensic investigatory efforts that there was a full release ofour clients’ customers’ personal information on August 20, 2024, leading to this notification. We then did a thorough investigation to identify those consumers whose information was impacted.
WHATINFORMATIONWASINVOLVED?
RRCAinformedits clients,health careprovidersorotherbusiness companiesforwhichdataiscollectedregarding outstanding payments, about this event and what customer personal information may have been accessed.The personal information that may have been accessed by a third party includes contact information (such as name, address, date of birth, phone number and email) and one or more of the following:
— Social security number or taxpayer ID
— Driver’s license number
— Passport number
— Telephone number
— Health insurance information
— Health data, such as medical record numbers and places of treatment and doctors
— Health payment information such as billing and insurance claims and payment card and account numbers
— Username orIPaddress
— Potentially some demographic information, such as gender, religious views or race
Thedatathatwasaccessedwasnotthesameforeachpersonanddoesnotalwaysincludealltheabovedata elements.
WHATAREWE DOING?
RRCA has been diligently working with law enforcement and forensic investigators to conduct a thorough review of the potentially affected data. RRCA has implemented additional organizational, technical and administrative security measures to prevent the reoccurrence of such a breach and to protect the privacy of its clients.
WHATCANCONSUMERS IMPACTED DO?
RRCA is sending out notifications to impacted customers of its clients so that action can be taken which will assist to minimize or eliminate potential harm. It is strongly advised that preventive measures be taken to help prevent and detect any misuse of information.
Tohelpprotectaffected individuals,RRCA has retainedCyEx, a specialist in identity theft prevention to provide credit monitoring services and identity theft services, free of charge.
Asafirst step,itis recommendedtomonitor financialandhealth accountsforanyunauthorizedactivity and promptlycontacting theappropriatefinancialinstitutionor health insurancecarrier if detected.
To further protect from the possibility of identity theft, it is also recommended that fraud alerts are placed with each of the three credit bureaus – Equifax, Experian, and TransUnion. A fraud alert will make it harder for a new credit account to be opened, as the business must verify identity before it issues new credit. A fraud alert should not stop the use of existing credit cards or other accounts, but it may slow down the ability to get new credit.An initial fraud alert is valid for ninety (90) days. To place a fraud alert on credit reports, contact one of the three major credit reporting agencies at the appropriate number listed below or via their website. One agency will notify the other two on your behalf. Letters will then be sent from the agencies with instructions on how to obtain a free copy of the credit report from each.
— Equifax (888) 766-0008 orwww.fraudalert.equifax.com
— Experian (888) 397-3742 orwww.experian.com
— TransUnion (800) 680-7289 orwww.transunion.com
Even if no suspicious activity is detected on the initial credit reports, the Federal Trade Commission (FTC) recommends checking credit reports periodically. Checking credit reports periodically can help spot a problem and address it quickly.
WHOTOCALLORCONTACT WITHQUESTIONS?
Iftherearefurther questionsorconcerns,pleasecontacttheRRCA Accounts Management Team at this special telephone number 1-855-277-4799, Monday through Friday, 9:00 a.m. to 9:00 p.m., Eastern Time, except holidays.
https://c212.net/c/img/favicon.png?sn=SF34143&sd=2024-10-18
View original content:https://www.prnewswire.com/news-releases/rrca-accounts-management-inc-reports-ransomware-attack-and-data-breach-302280547.html
SOURCE RRCA Accounts Management, Inc.
https://rt.newswire.ca/rt.gif?NewsItemId=SF34143&Transmission_Id=202410182030PR_NEWS_USPR_____SF34143&DateId=20241018
COMTEX_458945153/1005/2024-10-18T20:30:15