A collection operation in New Hampshire has disclosed it was the victim of a data breach impacting more than 11,000 consumers, according to a filing with the Maine Attorney General. The disclosure is the third data breach in the accounts receivable management industry that has been disclosed in the past week.
What Happened: Last June, Lamont Hanley & Associates discovered that an email account for one of its employees was accessed by an unauthorized third party.
- The company commenced an investigation after securing the email account and changing the password on the account that was accessed.
- The investigation did not identify that any data or information was accessed or acquired by an unauthorized party, but could not conclude with absolute certainty that the data wasn’t accessed or acquired. That led to an “extensive review” of the compromised account to determine what data may have been involved.
- After conducting a forensic investigation and manual review of all the data within the compromised account, which concluded on February 28, the company identified the personal information of 11,484 individuals was present within the compromised account. This included the names, Social Security numbers, and dates of birth of those individuals.
What’s Being Done: Individuals whose information was compromised will be entitled to 12 months of free credit monitoring, according to the letter that the company sent to the Maine Attorney General.
What It Said: “LHA values your privacy and deeply regrets that this incident occurred. We are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information. Since detecting the incident, we have reviewed and revised our information security practices, and implemented additional security measures to mitigate the chance of a similar event in the future.”