Debt Collection Firm Credit Control Corporation Hit by Major Data Breach

Debt Collection Firm Credit Control Corporation Hit by Major Data Breach
Credit Control Corporation (CCC) is a Newport News, Virginia based debt collection firm.

BY
HABIBA RASHID
MAY 17, 2023
2 MINUTE READ
The magnitude of the data breach is significant, as it has potentially compromised the personal information of 286,699 individuals.
Credit Control Corporation (CCC), a debt collection services company, recently fell victim to a cyber attack leading to a data breach that compromised the personal data of numerous healthcare institutions.

The breach, which occurred between March 2nd and March 7th, resulted in the theft of sensitive information, including names, addresses, Social Security numbers, and account details.

This article will provide an overview of the incident, the affected parties, and the steps taken by CCC to mitigate the impact on its clients.

According to CCC’s data breach notice, on March 7th, 2023, the company detected unusual activity within its network, prompting the company to initiate an immediate investigation. It was soon revealed that threat actors had gained unauthorized access to specific systems and copied various files containing confidential client data. The company swiftly isolated its compromised systems and commenced an extensive investigation to assess the full extent of the data breach.

The fallout from this breach primarily affects healthcare institutions that relied on CCC’s debt collection services including the following:

VCU Health System
UVA Health System
Valley Health System
Sentara Health System
Riverside Health System
Bayview Physicians Group
Mary Washington Healthcare
Pariser Dermatology Specialists, Inc.
Chesapeake Regional Medical Center
Tidewater Physicians Multispecialty Group
Dominion Pathology Laboratories, Chesapeake Radiology
Children’s Hospital of the King’s Daughters Health System and its Affiliates
The magnitude of the data breach is significant, as it has potentially compromised the personal information of 286,699 individuals. Out of these, 20 residents of Maine were specifically identified. This was revealed in a breach notification notice published by the Office of the Maine Attorney General.

The stolen data varied by individual, but it included personally identifiable information such as names, addresses, and Social Security numbers. Additionally, threat actors acquired data related to individuals’ accounts with CCC’s business partners, including account numbers, balances, and dates of service. The compromised data leaves affected individuals vulnerable to identity theft and potentially fraudulent activities.

Upon discovering the data breach, CCC promptly reported the incident to federal law enforcement agencies and has been cooperating fully with their investigation. In an effort to mitigate the potential harm to affected individuals, CCC has offered free credit monitoring and identity theft protection services for a year.

The company urges affected individuals to remain vigilant, review their account statements and explanation of benefits forms, monitor free credit reports for suspicious activities, and promptly report any detected errors or fraudulent incidents.