AAA Collections Breach

Founded in 1965 and headquartered in Sioux Falls, South Dakota, Advanced Asset Alliance (AAA) Collections is a third-party agency that specializes in debt collections. The agency adopts various collection methods to help large corporations and small businesses recover their accounts receivable. It has been operated as a family-owned business and managed under strong leadership. The company generates a revenue of about $13 million annually. Considering this and the relationships the agency has built over five decades of operations, it is no surprise that it suffered a data breach from the bad guys.

In the wake of September 7, 2022, AAA Collections detected a data security-related incident in its computer systems. It was an external system breach in which the hackers accessed and copied sensitive and personal information. About 56,848 individuals were affected in this incident. Specific information accessed and acquired by the bad-faith actors in the AAA Collections data breach includes consumers' names, financial information, and other personal identifiers like Social Security Numbers (SSNs).

When Was the AAA Collections Data Breach?

While the AAA Collections data breach was discovered on September 7, 2022, investigations revealed that the unauthorized access by the bad actors started on September 5, 2022, and continued until the day it was detected. Besides gaining access to consumers' sensitive information, it was also confirmed that the hackers copied the affected files. Following the investigations and discovery, AAA Collections moved quickly to review all the affected files in its system to determine which consumers were impacted and the compromised information for each affected person.

The agency did not publish information about the breach on its website while this review lasted. The data breach review process was completed on October 24, 2022. However, AAA Collections only started notifying individuals whose data were impacted on November 16, 2022, through a written Notice of Data Breach Letter. Written notices were also provided to the three major credit reporting agencies and relevant state regulatory agencies.

How to Check If Your Data Was Breached

AAA Collections notified everyone whose information was potentially affected in the 2022 data breach via notification letters. You would get one if the breach impacted your data. However, there are other ways to check if you think your data may have been compromised in the breach. For instance, you can spot-check your accounts to review any irregularities, especially small unauthorized charges and other expenses you did not make. In addition, you can obtain your credit report to check for unusual activities that may only be connected to data compromise. 

Furthermore, you can contact AAA Collections through their official communication channels to learn if your information was impacted by the data breach. However, while at it, be cautious with emails sent purportedly from the agency but emanate from scammers. Contacting the agency by phone is often recommended in this kind of situation.

What to Do If Your Data Was Breached

If you received a data breach notification letter from AAA Collections, review the content and ensure that you keep a copy of the letter for future reference, where needed. After identifying consumers who may be affected by the incident, AAA Collections offered them identity theft protection services through IDX, an expert in data breach and recovery service. Included in the offer were fully managed ID theft recovery services, several months of single-bureau credit and CyberScan monitoring, and a $1 million insurance reimbursement policy. So, you are encouraged to enroll and take advantage of the offer to help resolve issues, especially if your identity was compromised in the data breach.

Furthermore, if the AAA Collections data breach impacted your data, ensure to review your account statements constantly. In addition, you are encouraged to monitor your credit reports for suspicious or unusual activity and update your passwords where needed. More importantly, ensure to notify your credit card company and bank when your financial data is compromised in a data breach.

Are There Any Lawsuits Because of the Data Breach?

Yes. Following notifications to affected persons, a class action was instituted on behalf of individuals whose data were impacted by the AAA Collections data breach. The class action case was about a cyberattack involving the agency, in which it was confirmed that AAA Collections files containing names and SSNs of current and former employees and several other persons were accessed by an unauthorized third party. As stated in the lawsuit, the agency could have prevented the cyberattack if it implemented appropriate cybersecurity measures. 

Although AAA Collections denied any wrongdoing and did not admit it had any liability, it agreed to settle the suit by paying $865,000. Following the final approval hearing for the class action suit settlement on March 25, 2024, the court granted settlement approval on March 26, 2024. Class members can potentially get reimbursement for up to five hours of lost time as compensation at a $25 per hour rate. Also, class members may likely recover a $50 pro-rata payment depending on the number of partaking claimants.

As part of the settlement terms, those who experienced out-of-pocket losses due to the data breach can file a claim for up to $5,000 in additional reimbursement for such losses. However, they must have documented proof of their out-of-pocket losses. This reimbursement is expected to compensate for damages sustained by affected individuals due to fraud and identity theft. The potential award/reimbursement stands at $5,175 for persons who experienced out-of-pocket losses due to the incident. You are eligible for this reward if you received a notice letter informing you of the data breach incident of September 2022 and have submitted a claim form on or before February 13, 2024.

Can My AAA Collections Information Be Used for Identity Theft?

Yes. Besides several other data maintained by AAA Collections, the agency stores consumers' sensitive personal identifying information, which, if compromised, can be used for identity theft and other types of fraud. For instance, there were reports of identity thefts after the AAA Collections data breach in September 2022. With the information you have with the debt collection agency, scammers can take out credit cards, open bank accounts, and even apply for certain benefits in your name in the event that your data gets compromised.

What Can You Do to Protect Yourself Online?

Even though AAA Collections boasts of using a secure server implementing the Secure Sockets Layer (SSL) protocol to protect consumers' information, making extra efforts to protect your data online is recommended. Despite the many benefits of the internet, users can still be vulnerable to identity theft, fraud, and other types of scams. However, you can protect yourself and your personal and financial information online by doing the following:

• Always update your knowledge about cybersecurity threats, data breaches, and how to protect yourself using sites like IDStrong.
• Avoid oversharing personal information online, especially on social media, to prevent putting yourself at the risk of identity theft. You can check privacy settings to limit who sees your social media posts.
• Always password-protect your internet devices, such as your PCs and smartphones. 
• Always confirm that a site is secure before entering your personal or financial data. Generally, a secure website will have a lock symbol, and the URL will start with https.
• Create strong passwords whenever required. While they do not have to be complex, think beyond numbers or words that cybercriminals could easily guess. Using a mix of alphanumeric characters (with lower and upper case letters) and some special characters is often recommended to create a unique password.
• If possible, avoid using free or public Wi-Fi, especially when shopping online, and you are required to enter your financial data, such as credit card numbers and PIN. It is best to use a personal, password-protected network to shop on sites requiring you to enter your personal and financial information. In addition, make sure to shop on trusted sites only.
• Be cautious of suspicious and phishing emails purportedly from your bank, credit card company, or AAA Collections, asking you to open links or attachments. Such emails usually seem legitimate until you find they were sent with different email addresses or the addresses have spelling errors.
• Consider installing trustworthy and dependable anti-spyware software, anti-virus software, and a firewall.
• Consider enrolling in a credit monitoring and protection service to protect your financial and personal information and prevent identity theft. You can also place a fraud alert on your credit file, which typically prompts a business to take further steps to verify your identity before granting a new credit.