Major Data Breach at Credit Control Corporation Impacts Nearly 300,000 Individuals

• A significant data breach has been reported at the R&B Corporation of Virginia, also known as Credit Control Corporation (CCC). The breach, believed to be a result of external hacking, affected 286,699 individuals, with unauthorized access gained to highly sensitive personal information.
• The company detected unusual network activity on March 7, 2023, which was subsequently confirmed to be a cyber incident that had occurred between March 2 and March 7, 2023. The breach was found to have resulted in the copying of certain files from the CCC network, some of which contained personal information such as names and Social Security numbers, as per the definition under Maine law.

Newport News, VA – R&B Corporation of Virginia, doing business as Credit Control Corporation (CCC), has reported a significant data breach affecting 286,699 individuals. The breach, which was discovered on May 3, 2023, involved an external system breach, with hackers gaining access to sensitive personal information.

The company, located at 11821 Rock Landing Drive, provides debt collection services and gathers information on behalf of its business entity customers, known as “Data Owners”. The list of affected Data Owners includes renowned entities such as

• Atlantic Orthopaedic Specialists
• Chesapeake Radiology
• Children’s Specialty Group
• Dominion Pathology Laboratory
• Emergency Physicians Of Tidewater
• Mary Washington Healthcare
• Medical Center Radiology
• Riverside Health System
• Sentara Health System
• and Valley Health System.

On March 7, 2023, CCC noticed unusual activity within its network. With the help of third-party forensic specialists, a comprehensive investigation was immediately initiated. By March 14, it was confirmed that specific files had been copied from CCC’s network as part of a cyber-attack that occurred between March 2 and 7, 2023.

In an official notification issued by CCC, CEO Paul E. Leary states, “CCC undertook an extensive and thorough review of the files to identify what specific information was present in the files and to whom it related.” He further adds that the review, completed on May 3, found that the hacked files contained personal information, including names and Social Security numbers, as defined by Maine law.

CCC has since moved swiftly to address the incident, notify the affected individuals, and bolster its security measures. The corporation has notified federal law enforcement and is cooperating with their information requests. A process is now in place for regular and timely review and updating of existing data protection and security policies.

To help those impacted, CCC is offering free enrollment in credit monitoring and identity protection services. It is also providing guidance on how to better protect against identity theft and fraud. Affected individuals are being advised on how to place a fraud alert and security freeze on their credit file, how to obtain a free credit report, and how to remain vigilant for incidents of fraud and identity theft.

CCC has ensured to notify the relevant Data Owners of the event and is providing notice to state and federal regulators, as necessary. Notices have also been sent to the three major credit reporting agencies, Equifax, Experian, and TransUnion. Moreover, in compliance with the Health Insurance Portability and Accountability Act (HIPAA), CCC is notifying the U.S. Department of Health and Human Services and prominent media outlets.