On September 9, 2024, Nationwide Recovery Service, Inc. (NRS) reported a data breach to the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR). The breach involved the unauthorized access of sensitive consumer information, though details about the attack remain limited. The company explained that the incident occurred due to a “hacking/IT incident” involving a network server. While the exact cause of the breach is still unclear, NRS is investigating whether the attack targeted its own systems or a third-party vendor. As of the filing, NRS has not provided further specifics on the event.
Following the discovery of the breach, Nationwide Recovery Service took immediate steps to review the compromised files and assess which information had been affected. The breach potentially involved personal data, although the company has not yet disclosed the exact details of what was exposed. As the investigation continues, NRS is working to identify which individuals were impacted by the unauthorized access. Once the review is complete, the company will begin sending out notification letters to those whose information was compromised during the breach.
Nationwide Recovery Service, a collection agency based in Norcross, Georgia, has been in operation since 1948. It serves a wide range of clients, and as part of its operations, the company handles sensitive consumer information. The breach, which was identified through a filing with HHS-OCR, has raised concerns about the vulnerability of consumer data in the hands of third-party vendors. Though no additional details have been provided, the company’s response shows a commitment to addressing the issue by reviewing and securing the data involved.
Nationwide Recovery Service operates under the parent company ACCSCIENT, a larger business services provider based in Richardson, Texas. With over 140 employees and generating annual revenue of approximately $13 million, NRS is an established player in the collections industry. The company’s swift action following the breach aims to mitigate any risks to affected consumers and ensure that they are informed about the status of their personal information. Despite the breach, there is currently no evidence suggesting that the exposed data has been misused.
Reference:
