The number of reported U.S. data breaches in 2016 surpassed the previous all-time high reached in 2013, according to a report by the Identity Theft Resource Center (ITRC). The 1,093 data breaches confirmed by ITRC exposed over 36.6 million records.
For all businesses, data breaches remain a top concern. Because debt collection agencies store a high volume of sensitive information, it’s crucial for businesses that use debt collection services to entrust their accounts to a top performer.
The recent spike in data breaches coincides with an ever-growing number of individuals and businesses placing sensitive information online. The Optio Solutions editorial team decided to review four data breach incidents within debt collection agencies that have occurred over the last five years.
Utah-based Debt Collection Company (2012)
A debt collection company’s chief operating officer placed the sensitive information of 3,800 consumers at risk due to the installation of peer-to-peer (P2P) file-sharing software on the business’s computer system. P2P file-sharing technology offers users a variety of functions, including the ability to share video, music and documents. As a result, the company — whose clients have included commercial credit organizations, healthcare providers and retailers — left Social Security numbers, health insurance numbers and medical diagnosis codes accessible to all computers connected to the P2P network.
According to the Federal Trade Commission (FTC), P2P software poses significant data security risks. The FTC charged the company with illegally exposing thousands of consumers’ private information through the download and use of P2P software. The FTC alleged that the company failed to implement appropriate security measures for the sensitive information stored on its computers and database. The settlement required the company to undergo a data security audit every other year for 20 years and to maintain an information security program.
Los Angeles Healthcare Provider (2014)
A break-in at a Southern California medical building and collections agency resulted in eight stolen computers and a total of 341,997 patients affected by the breach. The illegally obtained information included Social Security numbers, birth dates, first and last names and medical diagnoses stored in the company’s database. The Los Angeles-based company issued a $25,000 reward in return for the stolen devices or information leading to the perpetrator’s arrest and conviction.
Chicago-area Doctors’ Group (2014)
Unauthorized access to one Chicago doctor’s Gmail account by an unknown user compromised a total of 1,256 patient records. The debt collection agency that specializes in recovering old debt from debtors on behalf of the Chicago-based healthcare group became aware of an unknown website user with access to debtors’ information. Surgery descriptions, dates and instructions along with names and dates of birth were visible to the unauthorized viewer.
To date, no report shows that the information was misused. Following the breach, the collections agency has ceased the use of “outside physician e-mail accounts” within its domain. In addition, the company implemented annual employee training on securing patient information.
United States Wireless Provider (2015)
In one of the year’s high-profile cases, hackers breached a collections network server that contained the personal information of approximately 15 million customers of a U.S. wireless provider. Private records including addresses, names, Social Security numbers, birth dates, driver’s licenses, military IDs and passport numbers of current and past customers were accessed. An investigation concluded that the isolated incident occurred during a limited period.
A report by the collections company found no inappropriate use of customer records. The company’s response consisted of strengthening IT security and providing all of those affected with the necessary assistance.
Conclusion About Data Breaches at Debt Collection Agencies
ITRC reported hacking, skimming and phishing attacks as “the leading cause of data breach incidents,” totaling 55.5 percent of all recorded breaches in 2016. This figure has increased by 17.7 percent compared to 2015. Accidental email/internet exposure of information, which includes negligence and improper disposal of information, was second with 9.2 percent of all breaches.
The continued increase in data breach incidents at debt collection agencies calls for an increase in data security measures and vigilant company performance to protect sensitive information online.
At Optio Solutions, we operate with the most advanced data security technology to effectively safeguard client information against data breaches. Security measures include:
- Payment Card Industry Data Security Standard (PCI DSS) 3.2
- Compliance with SSAE 16 SOC 1 Type II and SOC 2 Type II
- CCTV 24-hour security cameras
- Employee background checks and drug screening
- Strict badge-only access
Contact us today to secure your business’s future with our superior debt collection services.