STERLING, Ill., Oct. 18, 2024 /PRNewswire/ --
WHAT HAPPENED?
RRCA Accounts Management, Inc. ("RRCA"), a full-service collection agency, experienced a security incident from a ransomware attack from the Play threat actors on June 6, 2024, and immediately stopped the intrusion on June 7, 2024. A cybercriminal illegally attacked a limited part of our systems without permission. We then immediately hired expert third parties to commence a forensic investigation of the security incident. The initial investigation showed that the majority records accessed were not personal information. However, we learned through ongoing forensic investigatory efforts that there was a full release of our clients' customers' personal information on August 20, 2024, leading to this notification. We then did a thorough investigation to identify those consumers whose information was impacted.
WHAT INFORMATION WAS INVOLVED?
RRCA informed its clients, health care providers or other business companies for which data is collected regarding outstanding payments, about this event and what customer personal information may have been accessed. The personal information that may have been accessed by a third party includes contact information (such as name, address, date of birth, phone number and email) and one or more of the following:
-
Social security number or taxpayer ID
-
Driver's license number
-
Passport number
-
Telephone number
-
Health insurance information
-
Health data, such as medical record numbers and places of treatment and doctors
-
Health payment information such as billing and insurance claims and payment card and account numbers
-
Username or IP address
-
Potentially some demographic information, such as gender, religious views or race
The data that was accessed was not the same for each person and does not always include all the above data elements.
WHAT ARE WE DOING?
RRCA has been diligently working with law enforcement and forensic investigators to conduct a thorough review of the potentially affected data. RRCA has implemented additional organizational, technical and administrative security measures to prevent the reoccurrence of such a breach and to protect the privacy of its clients.
WHAT CAN CONSUMERS IMPACTED DO?
RRCA is sending out notifications to impacted customers of its clients so that action can be taken which will assist to minimize or eliminate potential harm. It is strongly advised that preventive measures be taken to help prevent and detect any misuse of information.