On October 23, 2024, RRCA Accounts Management, Inc. (“RRCA”) filed a notice of data breach with the Attorney General of Montana after the organization was targeted in a ransomware attack. In this notice, RRCA explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, dates of birth, phone numbers, email addresses, passport numbers, driver’s license numbers, telephone numbers, health insurance information, health information, IP address, and demographic information. Upon completing its investigation, RRCA began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from RRCA Accounts Management, Inc., you may not be familiar with the company name, but it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the RRCA Accounts Management data breach. For more information, please see our recent piece on the topic here.
What Caused the RRCA Accounts Management Data Breach?
The RRCA Accounts Management data breach was only recently announced, and more information is expected in the near future. However, RRCA’s filing with the Attorney General of Montana provides some important information on what led up to the breach. According to this source, RRCA is a vendor used by various healthcare providers. Specifically, RRCA is a collection agency that helps its healthcare providers collect payments on past-due accounts.
On June 6, 2024, RRCA was targeted in a ransomware attack carried out by a ransomware group. However, because the ransomware group “covered their tracks,” RRCA did not learn about the incident until August 20, 2024. Once RRCA learned about the attack, it immediately stopped all unauthorized access. However, RRCA later confirmed that one or more unauthorized parties were able to access its computer system, including files containing confidential consumer information.
After learning that sensitive consumer data was accessible to an unauthorized party, RRCA Accounts Management reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, address, date of birth, phone number, email address, passport number, driver’s license number, telephone number, health insurance information, health information, IP address, and demographic information.
On October 23, 2024, RRCA Accounts Management sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About RRCA Accounts Management, Inc.
Founded in 1979, RRCA Accounts Management, Inc. is a full-service collection agency based in Sterling, Illinois. RRCA operates three locations in DeKalb, Illinois; Sterling, Illinois; and Clinton, Iowa. RRCA primarily serves the needs of healthcare providers and medical care facilities but also provides services to businesses, property owners, and municipalities. RRCA Accounts Management employs more than 25 people and generates approximately $5 million in annual revenue.
