A Pennsylvania collection agency has filed a data breach notification with the Maine Attorney General, indicating that nearly 500,000 consumers were affected by the breach, which occurred last month.
A copy of the sample letter that was sent to affected consumers by NCB Management Services can be accessed by clicking here.
The breach occurred on February 1, according to the letter, and was discovered by the company three days later. Information connected to consumers’ credit card accounts with Bank of America were potentially obtained by those that perpetrated the breach. The impacted credit card accounts had already been closed, according to the letter. The information that may have been accessed included consumers’ first and last names, addresses, phone numbers, email address, dates of birth, employment information, driver’s license numbers, Social Security numbers, account numbers, credit card numbers, routing numbers, and account balances and statuses.
Bank of America is offering affected consumers two years of identity theft prevention services at no charge. The product includes daily monitoring of consumers’ credit reports from the three national credit reporting agencies, internet surveillance, and resolution of any identity theft.
The letter informed consumers that the company has “obtained assurances that the third party no longer has any of the information on its systems,” which, according to published reports, is a statement that is often associated with the payment of a ransom to those who perpetrated the attack.
Companies in the accounts receivable management industry are no strangers to data breaches, unfortunately. Back in December, a Washington collection agency disclosed that it was the target of a ransomware attack that compromised the personal information of more than 3 million consumers. A malware incident at a healthcare billing and collection company in 2020 compromised the information of nearly 300,000 consumers. And then there was the breach at American Medical Collection Agency, which exposed the personal information of 12 million consumers.