JD Supra: Receivables Performance Management LLC Reports Data Breach Impacting over 3.7 Million People

Receivables Performance Management LLC Reports Data Breach Impacting over 3.7 Million People

by Richard Console, Jr. | Console and Associates, P.C.

On November 21, 2022, Receivables Performance Management LLC reported a data breach with the Attorney General of Maine after the company learned that it had been the target of a 2021 ransomware attack compromising sensitive consumer information stored on its computer network. According to RPM, the breach resulted in the names and Social Security numbers belonging to certain individuals being compromised. Recently, RPM sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds. Current estimates place the total number of victims of the Receivables Performance Management at over 3.7 million.

Chances are, if you received a “NOTICE OF DATA BREACH” letter from Receivables Performance Management, you may have had no idea what the company does or why it has your information. However, as we’ve discussed previously, this does not change the fact that Receivables Performance Management owes you a duty to protect your information. While learning of a data breach affecting your information at a company you’ve never heard of is certainly frustrating, to say the least, you may be able to hold the company financially accountable through a data breach lawsuit.

What We Know About the Receivables Performance Management Data Breach

The available information regarding the Receivables Performance Management breach comes from the company’s filing with the Maine Attorney General. According to this source, on about May 12, 2021, RPM became aware of a potential cybersecurity incident when portions of the company’s computer system were inexplicably taken offline. In response, Receivables Performance Management disconnected all systems and worked to get them back online. Additionally, the company rebuilt its servers and then contacted a third-party data security firm to assist with the company’s investigation. Through this investigation, RPM hoped to learn more about the nature and extent of the incident, as well as what, if any, consumer data was compromised as a result.

The RPM investigation confirmed that an unauthorized party first gained access to its systems on April 8, 2021, and that a ransomware attack was launched on May 12, 2021. The company’s investigation also revealed that certain files containing sensitive consumer data were accessible to the unauthorized party.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Receivables Performance Management began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your personal information, including your name and Social Security number.

On November 21, 2022, Receivables Performance Management sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Receivables Performance Management LLC is an accounts receivable company based in Lynnwood, Washington. The company helps its business clients recover outstanding accounts receivable through a variety of collection techniques, including telemarketing services, customized dunning notice services, outsourcing and pre-collection services, early age reactivation services, late stage / post statute services, small balance portfolio services, and inbound and outbound services. RPM works with companies in all industries, including healthcare, retail card, credit card, auto finance, utilities, and more. Receivables Performance Management employs more than 51 people and generates approximately $47 million in annual revenue.