Cyber Incident Victim: North American Risk Services

The North American Risk Services (NARS) data breach occurred between February 7 and March 27, 2018, impacting 604 California residents. The Florida-based third-party claims administrator detected the incident after observing suspicious emails originating from an employee's account. A subsequent investigation involving a security investigator revealed unauthorized access to a limited number of company email accounts during the two-month window. On June 27, 2018, the investigator confirmed these compromised emails contained sensitive personal information but initially lacked contact details for over 25% of affected individuals. The exposed data included victims' names combined with at least one of the following identifiers: Social Security numbers, driver's license numbers, financial account details, medical records, health insurance information, taxpayer/employer identification numbers, or login credentials.

NARS initiated a phased notification process beginning August 31 after establishing contact information for 50% of affected parties. The company cited the significant time required to locate remaining individuals as justification for the delayed notifications. For the unresolved 25% of cases, NARS employed a third-party address locator service that utilized Social Security numbers to identify physical mailing addresses, completing this process by September 7. A second notification wave was dispatched on October 5, 2018, reaching all confirmed victims. The breach exclusively affected California-based customers, with no evidence suggesting wider geographical impact. As remediation, NARS provided all 604 affected individuals with one year of complimentary credit monitoring and identity restoration services. The incident remained confined to email account compromises without reported lateral network movement or additional system infiltration.