Cyber Incident Victim: AAA Collections

AAA Collections, Inc., also known as Advanced Asset Alliance, Inc., detected a security incident involving its computer systems on September 7, 2022. The Sioux Falls-based accounts receivable management company initiated an investigation, which confirmed unauthorized access to its systems occurred between September 5 and September 7, 2022. During this two-day period, the intruder copied sensitive consumer data stored within the company's network. The investigation concluded that compromised information belonged to consumers, though AAA Collections did not publicly disclose specific data types exposed in the breach. On October 24, 2022, the company completed its review of affected files to identify impacted individuals but maintained no website disclosure regarding the incident's scope.

The organization reported the breach to the Montana Attorney General's Office on November 16, 2022, in compliance with state data breach notification laws. While AAA Collections' data breach letters to affected consumers did not specify compromised data elements, Montana's reporting requirements indicate the incident likely involved consumer names combined with one or more of the following: Social Security numbers, financial account information, government identification numbers, or protected health information. The company's business model as a collections agency suggests Social Security numbers and financial account details were probable targets. AAA Collections dispatched breach notification letters to all affected parties on November 16, 2022, advising them about potential identity theft and fraud risks stemming from the incident. Founded in 1965 with approximately 54 employees and $13 million in annual revenue, the company has not released additional technical details regarding attack vectors, containment measures, or system remediation efforts following the breach discovery.