Cyber Incident Victim: North American Rescue

North American Rescue, LLC (“NAR”), a commercial entity based in Greer, South Carolina, experienced an external system breach involving hacking on October 22, 2022. The incident compromised sensitive personal information, specifically names combined with Social Security Numbers. The breach remained undetected for over a year until its discovery on November 17, 2023. Approximately 939 individuals were affected nationwide, including one Maine resident. Due to the limited number of impacted Maine residents, consumer reporting agencies were not notified under applicable thresholds. The delayed discovery timeline—spanning 13 months between the breach occurrence and identification—highlighted prolonged unauthorized access to personal data before mitigation efforts commenced.

NAR initiated written notifications to affected individuals on July 19, 2023, through correspondence documented as "NAR - Individual Notification Letter.pdf." The company engaged Cleary Gottlieb Steen & Hamilton LLP, represented by partner Rahul Mukhi, as outside counsel to manage breach disclosures. Identity theft protection services were offered to all impacted persons, consisting of 24 months of credit monitoring and identity theft resolution tools via Experian IdentityWorks. No prior breach notifications had been issued by NAR within the preceding 12 months. The response focused on providing post-breach support through Experian’s services without disclosing additional technical details about the attack vector, containment measures, or system vulnerabilities exploited during the incident.