Posted on November 18, 2022 | Consumer Privacy & Data Breaches
On November 16, 2022, AAA Collections, Inc. filed documents with the Attorney General of Montana reporting a data breach that compromised the sensitive consumer data contained on the company’s computer system. However, the company has yet to publicly disclose the type of information that was accessible to the unauthorized party as a result of the breach. That said, based on state data breach reporting requirements, it is likely that the incident resulted in consumers’ names and one or more of the following being compromised: Social Security numbers, financial account information, government identification numbers or protected health information. After confirming that consumer data was leaked, AAA Collections began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the AAA Collections data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from AAA Collections, Inc.
The available information regarding the AAA Collections breach comes from the company’s filing with the Attorney General of Montana. According to this source, on September 7, 2022, AAA Collections detected a security incident related to its computer system. While the company does not elaborate on what led to this discovery, in response, AAA Collections launched an investigation to determine the scope of the incident as well as whether any consumer information was jeopardized as a result.
The AAA Collections investigation confirmed that an unauthorized party gained access to the company’s computer system on September 5, 2022, and continued to have access until September 7, 2022. The investigation also revealed that the unauthorized party copied some of the data, which included sensitive information belonging to consumers.
Upon discovering that sensitive consumer data was made available to an unauthorized party, AAA Collections began to review the affected files to determine what information was compromised and which consumers were impacted. This process was completed on October 24, 2022; however, AAA Collections has not yet posted notice of the breach on its website, and the company’s data breach letter does not specify what data types were leaked. But looking at the Montana data breach requirements, only companies that experience a leak involving consumers’ names and one or more of the following are required to report a breach:
Based on AAA Collections’ business model, it would seem that the most likely data types were Social Security numbers and financial account information, although this cannot be confirmed at this point.
On November 16, 2022, AAA Collections sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1965, AAA Collections, Inc., which also goes by the name Advanced Asset Alliance, Inc., is a collection of accounts receivable management companies based in Sioux Falls, South Dakota. The company helps its corporate and business clients recover outstanding accounts receivable through various collections procedures. AAA Collections employs more than 54 people and generates approximately $13 million in annual revenue.
If you receive notice of the AAA Collections data breach, it means your information was accessible to an unauthorized party, which is just a nice way of saying that a hacker very possibly has your information. Hackers go to a lot of trouble to orchestrate a cyberattack, and they wouldn’t carry out these attacks unless there was something in it for them. In most cases, hackers benefit by selling your information on the dark web or using it to commit identity theft themselves. So, while you can’t be sure what a hacker plans to do with your information, it is better to be safe than sorry.
Below is a list of things that all data breach victims should consider doing as soon as possible. Keep in mind, however, that this is not an exhaustive list, and you may want to take additional steps, especially if your Social Security number or financial account numbers were leaked.
After a data breach involving sensitive consumer information, companies must inform those who were affected as well as notify any state where victims of the breach live. These data breach letters contain some useful information, such as how the unauthorized party accessed your information, what the company has done since then, and whether there have been any reports of identity theft or fraud from other victims. Read over the letter to determine what information of yours was compromised. That will give you a better idea of what steps you need to take to protect yourself.
Hackers usually try to use any stolen information as quickly as possible to avoid giving a victim time to close their accounts or otherwise limit hackers’ ability to profit from the stolen information. However, hackers might not always be able to immediately carry out their crimes if a breach only contains limited amounts of information. In these cases, hackers need additional information, which can take time to acquire. Because of this, it may not be until weeks or months after a breach that hackers can use the stolen information. So while it is common for signs of unauthorized activity to appear soon after a breach, it is also imperative that you continue to check all your online accounts to monitor for any suspicious activity.
Credit monitoring is a service that alerts you to any suspicious activity related to your credit account. On average, credit monitoring costs about $20 to $40 per month. However, companies almost always offer victims of a data breach free credit monitoring for a period of time—usually between one and two years. Indeed, AAA Collections indicates that it will be providing victims of the breach with this service. Signing up for credit monitoring is free and provides you with an easy way to keep an eye on your credit profile. Moreover, signing up for free credit monitoring doesn’t impact your rights to bring a data breach lawsuit against the company that leaked your information if the company was negligent leading up to the breach.
Fraud alerts and credit freezes are free services offered by the major credit bureaus (one of which is TransUnion). A fraud alert puts companies that pull your credit on notice that there is reason to believe that someone may be fraudulently using your information. A credit freeze offers additional protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly explained that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the AAA Collections data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by AAA Collections, Inc. (the actual notice sent to consumers can be found here):
AAA Collections, Inc. (“AAA”), an accounts receivable management company, is notifying you of an incident that may affect some of your information. We are writing to provide you with information about the incident, our response, and steps you may take to protect your personal information, should you feel it appropriate to do so.
What Happened? On September 7, 2022, AAA learned that it experienced a cyber incident. We promptly took steps to secure our systems and commenced an investigation into the nature and scope of the incident. We have been working diligently to investigate this incident and confirm any information that may be affected. Through the investigation, we determined that certain documents stored within AAA’s environment were copied from the system as part of the cyber incident between September 5, 2022, and September 7, 2022. Based on the investigation, AAA conducted a detailed review of data involved to determine the type of information present and to whom it related. This process has been ongoing and was recently completed on October 24, 2022. AAA is now working to provide notice to those individuals whose information was potentially affected. You are receiving this notice because we determined that your information may be affected.
What Information Was Involved? The information that may have been impacted by this incident may potentially include your name and [Redacted].
What We Are Doing. The confidentiality, privacy, and security of information within our care are among AAA’s highest priorities. Upon learning of the event, we promptly took steps to secure our systems and investigate the full scope of the incident. While our investigation of and response to the event are ongoing, we have taken additional steps to further enhance the security of our systems. In an abundance of caution, we are also notifying potentially affected individuals, including you, and providing information on steps you may take to protect your information, should you feel it is appropriate to do so. We are also offering you access to credit monitoring and identity protection services at no cost to you. Information on how to enroll in these services may be found in the attached “Steps You Can Take to Help Protect Your Information.”
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors. We also encourage you to review the information contained in the attached “Steps You Can Take to Help Protect Your Information” and to enroll in the credit monitoring and identity protection services we are making available to you.
In addition, we are offering identity theft protection services through IDX, the data breach and recovery services expert. IDX identity protection services include: [Redacted] of Single-Bureau credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
For More Information. If you have additional questions, please call our dedicated assistance line at (833) 896-5123 or go to [Redacted] and use the Enrollment Code provided above. Representatives are available Monday through Friday from 8 am – 8 pm Central Time (excluding U.S. holidays). Please note the deadline to enroll is February 16, 2023.