Debt Collector CCC Breach Exposes Over 9M Americans, Hackers Claim

These are 2 separate companies.  Credit Control Corporation has been in the headlines previously with security breach issues while Credit Control LLC based out of Missouri has a clean record and maintains a high level of security to prevent data breaches. Credit and Collection News wants to be clear that there is no confusion between the two companies and that information presented is concerning only the Credit Control Corporation. 

Threat actors claim to have breached Virginia-headquartered debt collection firm R&B Corporation of Virginia, doing business as Credit Control Corporation (CCC), adding that personal details of millions were exposed.

They announced the supposed data breach on a popular data leak forum, which hackers use to share their victims and trade in stolen data. The post claims that the crooks got their hands on the personal details of 9.1 million Americans.

CCC is a debt collector focused on the healthcare and telecommunications sectors. We have contacted the company for comment and will update the article once we receive a reply.

Meanwhile, the Cybernews research team has investigated a data sample that attackers attached to the post. According to the team, the sample indicates that attackers may have accessed:

• Full names
• Phone numbers
• Genders
• Ages
• Property information
• Mortgage data
• Loan types

Attackers are very fond of databases with details on millions of people, as this allows easier automation of scams that rely on phishing emails. Moreover, threat actors could utilize the dataset for targeted financial scams and identity theft.

Personal identifiers, together with financial details, create ample opportunities for tailor-made attacks. Once attackers are aware that users in the list may have financial problems, their scams could focus on fraudulent financial assistance or other services.

It’s not the first time the CCC name appears in cybersecurity media. In 2023, CCC disclosed a data breach that exposed over 300,000 US residents. At that time, the company said that certain files that were copied from the company’s systems by an unauthorized party contained personal information, such as names and Social Security numbers.