Service Access & Management, Inc. (SAM), based in Reading, Pennsylvania, reported a data breach after unauthorized access to its IT system. The breach, discovered on July 5, 2024, was investigated by SAM with the help of independent computer forensic experts. It was confirmed that an unauthorized actor had gained access to SAM’s system for a period of time, possibly exposing sensitive consumer information. SAM initiated the breach response process and filed a notice with the U.S. Department of Health and Human Services Office for Civil Rights on September 2, 2024.
SAM’s investigation revealed that files containing consumer data were accessed, but the specifics of the compromised information were not immediately disclosed. However, it was later confirmed that the breach potentially exposed sensitive data such as Social Security numbers. SAM’s breach notice implied that affected individuals whose Social Security numbers were compromised would be offered free credit monitoring and identity restoration services. The company’s internal review concluded on July 29, 2024, and SAM began mailing data breach notification letters to affected individuals.
The breach was first detected when SAM observed unusual activity within its IT network. The unauthorized access raised concerns about the security of the company’s systems, prompting a full investigation into the incident. During this process, SAM worked to determine which consumer files were affected and which individuals were impacted by the breach. While SAM has not yet provided a complete list of compromised data, the company has committed to informing affected consumers about the nature of the breach in their notification letters.
Service Access & Management, Inc. provides a range of services to Pennsylvania residents and to eight counties in New Jersey, offering programs like children and youth services, mental health services, and early intervention services. The company, employing over 600 people, generates about $68 million in annual revenue. As a precautionary measure, SAM has offered affected individuals identity protection services and is implementing further safeguards to prevent similar incidents in the future.
Reference:
