Nationwide Recovery Service reports data breach

Nationwide Recovery Service, Inc. (NRS) is reporting a data breach after discovering unauthorized access to confidential information provided to the company.

Founded in 1948, Nationwide Recovery Service, Inc. is a collections company based in Norcross, Georgia, and a subsidiary of ACCSCIENT, a large business services company headquartered in Richardson, Texas.

The breach, described as a "hacking/IT incident" involving a network server, compromised sensitive consumer data. While the exact cause of the breach is still under investigation, it remains unclear whether the attack targeted NRS directly or a third-party vendor.

The nature of the compromised data and number of affected individuals has not yet been disclosed.

NRS has committed to sending out data breach notification letters to all affected individuals, once the investigation into the breach is complete.

Update - as of 4th of April 2025, NRS has started notifying customers. City of Chattanooga reports that they were notified, and that NRS is offering end user notifications and credit monitoring services.  The exposed data includes:

• name
• address
• social security number,
• date of birth,
• financial account information
• medical related information,

The number of affected individuals has not been disclosed.

As of 9th of April 2025, Bradley County also confirmed they are affected by the uses Nationwide Recovery Services breach. The County is waiting on the full list of those affected from Nationwide Recovery in order to understand the scope and determine next steps and obligations.

As of 14th of April 2025, Rhea Medical Center is reporting to more than 8,000 people that their personal and protected health information was caught up in a breach at Nationwide Recovery Services.

As of 21st of April 2025,  Erlanger Western Carolina Hospital (formerly Murphy Medical Center) in North Carolina is reporting that more than 3,000 people were impacted by the breach at Nationwide Recovery Services.

As of 26h of April 2025, Georgia-based family healthcare firm Virtuvian Health is reporting 88,848 clients are affected by the data breach at Nationwide Recovery Service.

As of 30th of April 2025, Bristol, Tennessee reports that 6,000 residents were impacted, and Chattanooga, Tennessee reports 836 impacted residents by the breach.

As of 6th of May 2025, Providence Swedish reports that at least 1,000 individuals were impacted from their Stevens Memorial Hospital (now known as Swedish Edmonds).

As of 18th of May 2025, Harbin Clinic reports that 200,000 individuals were impacted by the breach.

As of 27th of May 2025, UChicago Medicine Medical Group reports that 38,000 patients were impacted by the breach.