ASC Data Breach Involving Social Security Numbers

ASC Data Breach Involving Social Security Numbers. On October 13, 2022, the Appraisal Subcommittee discovered a data breach that occurred on the new website. The incident involved Social Security Numbers. They made an announcement on January 24, 2023 and have contacted all State Appraiser Regulatory Agencies concerning the data breach. They are also notifying all individuals whose Personal Identifiable Information had potential for exposure. Those appraisers who could have had their data exposed will be offered credit monitoring to prevent identity theft.

The Appraisal Subcommittee (ASC) is contacting all State Appraiser Regulatory Agencies concerning a data breach that occurred on the website. Please note: This was not a data theft or hacking incident.

What Happened?

After the release of the new website on September 18, 2022, potential access to Personally Identifiable Information (PII) was reported to the ASC. The breach was discovered on October 13, 2022, when an individual reported it to the ASC after viewing their own PII via a web browser search. While there was potential for broader exposure, to date we are not aware of any other individuals accessing the breached PII.

What Information Was Involved?

This incident involved Social Security Numbers (SSNs).

What We Are Doing

Immediately upon discovery of the breach, the website was taken down and corrective actions were taken to resolve the error. We are notifying all individuals whose PII had potential for exposure and offering Identity Protection, Credit Monitoring, and Identity Monitoring Services. We are also notifying all State Appraiser Regulatory Agencies.

In 2016, the ASC rolled out the Unique Identifier (UID) for States to utilize in entering appraisers on the National Registry. The UID eliminates collection/retention of SSNs. States are strongly encouraged to help ensure protection of PII by utilizing the UID.

For More Information

Contact the ASC toll-free at 888-815-1517 (Monday – Friday, 8am – 6 pm EST). 

Image credit flickr - Aranami


Have questions or need help? Please contact us with any comments, questions or concerns.

You may also like...

8 Responses

  1. Avatar EJ says:

    Don’t worry, the ASC is on top of it ! ?

  2. Avatar Coach says:

    I didn’t even know about this and didn’t get any notification from them. Does that mean my info wasn’t exposed?

  3. Avatar Xpert says:

    I just called them and they said that those who have had their personal information exposed will get a letter with an enrollment code for the free credit monitoring service. The rest may get an email and/or letter about the breach.

    • Avatar IMJSAYN says:

      Guess who’s going to end up paying for those “free” monitoring services through increased national registry fee?

  4. Avatar Jaydee says:

    It is just me, or are all of these apparent “ACCIDENTAL DATA BREACHES” are happening far too much and far to often by far too many entities to be “COINCIDENCES”. Fear for your bank account(s) and privacy is going to drive behind the “you need to be chipped” movement to safe guard your identity and your bank account. Change my mind, I’ll wait.

    • Baggins Baggins says:

      It’s complicated, the scale of global internet penetration attempts is truly remarkable. Security teams continue to provide effective reactionary efforts, despite the ongoing lack of attention and inadequate allocation of applied security by the companies utilizing various online accessible software. The problem is with every new ‘invention’, alongside it comes new penetration capabilities. Personal pc vs corporate networks, the only difference is the scale and number of doors available, the vulnerabilities lie within coding potentiates which are constantly evolving, modulated by white and black hats. Pick your poison, more phoning home to microsoft and wholesale sell out of your private data by exploitative corporations, vs vulnerability to the hacker world.
      Take the time to read this third link, it’s a challenge read but it’s important to know the capabilities and constant operational activities of that little thing you refer to as a cellular phone. The second any app hits the open wild of the internet, penetration attempts are virtually guaranteed. Malwarebytes blog will keep you informed of current threats.

      It’s essential we all learn to limit our informational exposure footprint. Did you see 2000 Mules and really take the time to understand the cellular ping recording issue? That’s been ongoing with these devices and is just one minor aspect of legal data tracking recording and data brokering. Beyond that are the myriad of legal apps which have either inadequate or purposefully malicious coding which is subsequently capable of extending vulnerable function to other apps, scraping data in a variety of ways. Snowdens oscilloscope project is a complicated long read but is something anyone whom uses a cell phone should be aware of. Then you enter the realm of subversive malicious penetration attempts, it’s another ball game entirely. Malwarebytes is a preferred provider, subscribe to them and ditch whatever else if it is not compatable.

      For this issue, probably not that big of a deal. Companies are required and compelled via various state laws to provide notices to entire user bases, even if only one individual is compromised. There will probably be additional forensic audit reports forthcoming at a later date. Sorry Jaydee, no grand conspiracy, just a world full of hackers to the point where it’s become actual industry in other countries. If you want real conspiracy look at how the legal companies exploit your data, while keeping it ‘secure’.
      Meet ‘Jim Browning’. Thank good ness for that guy, watch his videos.

      • Baggins Baggins says:

        Sorry, missed your initial point. We’re not getting chipped. Hell no, that’s never going to happen. They can only push these systems as far as we let them. Digital currency is all bad, just say no. Online identity requirements are all bad, just say no. Orwells Revenge is upon us, but it’s never to late to fight the future. Trust no one. For bank hacks, it’s just a 16 digit card number, plus 4 digit date number, plus 3 digit ccv number. Hackers phish the data from dump hashes, inject code to scrape, or just use brute force or repeat attempts, possibilities are endless. If you use online currency, your cards will eventually get hacked. Reasons why it’s important to support cash and solid physical based currencies as frequently as possible. Are you loving globalism yet? Article 1 Section X.

  5. Raechel Stickney on Facebook Raechel Stickney on Facebook says:

    Oh good my previous credit monitoring is about to expire… crazy eyes


Leave a Reply

We welcome critical posts & opposing points of view. We value robust & civil discourse. You may openly disagree, but state your case in an atmosphere of mutual respect, in which everyone has a right to a particular view about the topic of conversation. Please keep remarks about the topic at hand, & PLEASE avoid personal attacks. If the poster gets you upset, it is the Internet, you can walk away from it.

Personal attacks harm the collegial atmosphere we encourage on AppraisersBlogs.

Your email address will not be published. Required fields are marked *

xml sitemap

ASC Data Breach Involving Social Security Numbers

by AppraisersBlogs time to read: 1 min