Another client of Nationwide Recovery Services has announced they were affected by the vendor’s breach. Robert Sorrell reports:
BRISTOL, Tenn. — A data breach at a third-party vendor used by the city of Bristol, Tennessee, may have exposed sensitive personal information of residents whose accounts had been turned over for collection.
During a City Council work session Tuesday evening, officials said approximately 6,000 letters will be sent to people notifying them of the breach and offering complimentary identity protection services. The breach occurred last summer but was not disclosed to the city until February 2025, city attorney Danielle Smith said Tuesday.
The third-party vendor, Nationwide Recovery Services, provided collection services for the city’s utility, municipal court, EMS and ambulance billing, and general billing operations. According to a legal notice posted on the city website on Tuesday, an unauthorized third party attempted to infiltrate NRS’ computer network on or around July 11, 2024.
Read more at Bristol Herald Courier.
Chattanooga, Tennessee was also affected, and sent out 836 letters. As the Chattanooga Times Free-Press reported on April 24:
Nationwide informed the city of the breach in February, Holl said in an April 4 release. In the February notice, Nationwide representatives said that they had first informed the city of a problem with the data’s security in July. The debt collector reported the breach to the Federal Trade Commission in September. Representatives of Kelly’s office have said that they learned of the breach April 4.
The city this month withdrew a contract with Nationwide and is now seeking a new contractor to handle its debt services.