Rich Products Data Breach Exposes SSNs and Driver’s License Numbers via Third‑Party Phishing

On April 21, 2026, Rich Products began mailing breach notices to individuals whose personal information appeared in a compromised employee inbox at its background‑screening partner. The breach originated when an attacker gained access to a First Advantage employee’s email on or about November 13, 2025, through a phishing message. Four days later, on November 17, 2025, First Advantage detected the unauthorized access and contained the incident, but the attacker had already downloaded the full contents of the mailbox.

The exposed data varied by record and included first and last name, driver’s license number, Social Security number, and date of birth. The investigation confirmed the compromise was limited to that single email account and did not affect First Advantage’s broader network or service platforms. Rich Products learned of the incident more than four months after First Advantage’s initial discovery, as noted in the New Hampshire Attorney General filing dated April 22, 2026.

Affected individuals receive 24 months of complimentary credit monitoring and identity protection through Cyberscout, a TransUnion company. The package includes credit monitoring, fraud consultation, and identity‑theft restoration, with activation required by July 21, 2026 via the Cyberscout activation page or by calling 833‑289‑5957 (8 a.m.–8 p.m. ET, Monday‑Friday).

What It Means The incident highlights the risk posed by third‑party vendors that handle sensitive personal data. Even a single compromised credential can lead to the exposure of high‑value information such as SSNs and driver’s license numbers, increasing the likelihood of identity theft and fraud for affected consumers. Organizations must scrutinize the security posture of partners, especially those with access to personally identifiable information.

What Defenders Should Do - Enforce multi‑factor authentication on all email and remote access accounts to mitigate credential theft (MITRE ATT&CK T1078). - Deploy advanced phishing detection controls and conduct regular user‑training campaigns (T1566.001). - Monitor for anomalous mailbox activity, such as large‑volume downloads or unusual login locations, using UEBA or SIEM rules. - Require vendors to adhere to strict data‑handling agreements and to report breaches within a defined timeframe. - Review and test incident‑response plans to ensure timely internal notification when a third‑party breach is discovered.

Watch for further disclosures from First Advantage and any regulatory actions from the New Hampshire Attorney General’s office.