I found this DakotaNewsNow story to be missing some important details;
A letter sent out by AAA Collections is informing many that their name and Social Security numbers could be compromised. The data breach stems from a period of three days in early September when the company’s computer system was compromised. By the time it was found and stopped, documents containing names and Social Security Numbers were copied. South Dakota law requires any large breach to be reported to the Attorney General’s office, as well as notices sent out to anyone that might have been affected.
• Who owns AAA? The company started in 1965 and at one point I think it changed hands between hospitals and a bank. I’m don’t know who owns them now.
• What hospitals/clinics were affected? Avera? Sanford? specialty hospitals? Falls Community Health? Why didn’t any of these institutions send out letters?
• Were laws broken about when they needed to inform clients? Is AAA responsible or the other institutions? It’s been around 90 days since the event took place, I believe they only had 60 days to inform clients.
I have heard from several people who got the letter. One of them is a patient at Falls Community Health. When did the city/county know, and when were they going to inform patients?
The speculation as to why this took so long was that AAA was trying to fix it internally hoping to avoid a disaster but that didn’t go so well.
Either way, I’m not sure why any scammer would want the Social Security numbers of people with bad credit.