RYBD Logo
Main Menu
Contact
Portal Access
Upload Documents
RYBD-Logo
RYBD-Logo
Contact
Portal Access
Upload Documents

Notice of Data Security Incident

Duluth, Georgia (June 26, 2026) – Rhodes, Young, Black, and Duncan (“RYBD”) is committed to protecting the privacy and security of the personal information it maintains. RYBD is making individuals aware of a data security incident that impacted the RYBD network environment. Although RYBD has no evidence of financial fraud or identity theft directly related to this incident, RYBD is making potentially affected individuals aware of the incident and steps that impacted individuals can take to protect their personal information.

On October 12, 2025, RYBD detected unauthorized access to one of its backup servers. RYBD immediately activated its incident response plan and launched an investigation with the assistance of outside cybersecurity and legal professionals to contain the environment and determine root cause and impact on any data. The investigation determined the intruder entered RYBD’s secure network through a vulnerability in its SonicWall Firewall. SonicWall, an industry leader in security software, had recently experienced a breach themselves which opened the vulnerability. SonicWall has publicly acknowledged the breach and vulnerability that was exploited here. Unfortunately, this issue was very common and led to many similar attacks at organizations across all industry sectors throughout the world in 2025.

RYBD’s investigation determined the unauthorized parties accessed its network through this compromised and relied-upon third party device on September 17, 2025 and exfiltrated data before RYBD detected the unauthorized access. While RYBD’s usage of the device for ongoing operations was minimal, RYBD did maintain some backup files and old working papers on the server. RYBD has been working diligently with outside consultants to ensure that all parties involved are identified.

Upon learning of the issue, RYBD secured its network and commenced a prompt and thorough investigation. As part of RYBD’s investigation, RYBD has been working very closely with external cybersecurity professionals experienced in handling these types of incidents. On May 27, 2026, RYBD concluded that a limited amount of personal information may have been accessed or acquired by the unauthorized party.

The personal information contained within the potentially impacted data included first and last names and Social Security numbers and/or taxpayer identification numbers, driver’s license or state identification numbers, financial account numbers and routing numbers, medical information, payment card numbers, passport numbers, payment card PINs, payment card expiration dates, and health insurance information. The information impacted varied by individual.

Commencing on or about June 26, 2026, RYBD mailed written notification letters to individuals whose information was determined to be involved in this incident, to the extent that valid mailing addresses were available. RYBD is also providing complimentary credit monitoring services to individuals whose Social Security numbers have been determined to be involved. For individuals who have questions or need additional information regarding this incident, or to determine if they are impacted and are eligible for credit monitoring, RYBD has established a dedicated toll-free response line at +1 (855) 859-9806. The response line is available for 90 days from the date of this letter, between the hours of 9 am – 9 pm Eastern time, Monday through Friday, excluding holidays.

– OTHER IMPORTANT INFORMATION –

1.         Placing a Fraud Alert on Your Credit File.

You may wish to consider placing an initial one (1) year “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any of the three (3) major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.

Equifax P.O. Box 105069 Atlanta, GA 30348-5069 https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/ (800) 525-6285Experian P.O. Box 9554 Allen, TX 75013 https://www.experian.com/fraud/center.html (888) 397-3742TransUnion Fraud Victim Assistance Department P.O. Box 2000 Chester, PA 19016-2000 https://www.transunion.com/fraud-alerts (800) 680-7289

2.         Consider Placing a Security Freeze on Your Credit File.

If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three (3) nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three (3) credit reporting companies:

Equifax Security Freeze P.O. Box 105788 Atlanta, GA 30348-5788 https://www.equifax.com/personal/credit-report-services/credit-freeze/ (888) 298-0045Experian Security Freeze P.O. Box 9554 Allen, TX 75013 http://experian.com/freeze (888) 397-3742TransUnion Security Freeze P.O. Box 160 Woodlyn, PA 19094 https://www.transunion.com/credit-freeze (888) 909-8872

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

3.         Obtaining a Free Credit Report.

Under federal law, you are entitled to one (1) free credit report every twelve (12) months from each of the above three (3) major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.

4.         Protecting Your Medical Information.

If this notice letter indicates that your medical information was impacted, we have no information to date indicating that your medical information involved in this incident was or will be used for any unintended purposes. As a general matter, however, the following practices can help to protect you from medical identity theft.

  • Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care.
  • Review your “explanation of benefits statement” which you receive from your health insurance company. Follow up with your insurance company or care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential access (noted above) to current date.
  • Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or the care provider for any items you do not recognize.

5.         Additional Helpful Resources.

Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.

If this letter states that your financial account information and/or credit or debit card information was impacted, we recommend that you contact your financial institution to inquire about steps to take to protect your account, including whether you should close your account or obtain a new account number.

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the City in which you currently reside.

Massachusetts Residents: Under Massachusetts law, you have the right to obtain a police report in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

Maryland Residents: You may obtain information about avoiding identity theft from the Maryland Attorney General’s Office: Office of the Attorney General of Maryland, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, www.marylandattorneygeneral.gov, Telephone: 888-743-0023.

New Mexico residents: You have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit.In addition, you have the right to obtain a security freeze (as explained above) or submit a declaration of removal. You have a right to bring a civil action against a consumer reporting agency that violates your rights under the Fair Credit Reporting and Identity Security Act. For more information about the FCRA, please visit www.consumer.ftc.gov/sites/default/files/articles/pdf/pdf-0096-fair-credit-reporting-act.pdf or www.ftc.gov.

New York Residents: You may obtain information about preventing identity theft from the New York Attorney General’s Office: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; ag.ny.gov/consumer-frauds-bureau/identity-theft; Telephone: 800-771-7755.

North Carolina Residents: You may obtain information about preventing identity theft from the North Carolina Attorney General’s Office: Office of the Attorney General of North Carolina, Consumer Protection Division, 9001 Mail Service Center, Raleigh, NC 27699-9001, www.ncdoj.gov, Telephone: 877-566-7226 (Toll-free within North Carolina), 919-716-6000.

Oregon Residents: You may obtain information about preventing identity theft from the Oregon Attorney General’s Office: Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, www.doj.state.or.us, Telephone: 877-877-9392.

Washington D.C. Residents: You may obtain information about preventing identity theft from the Office of the Attorney General for the District of Columbia, 400 6th Street NW, Washington D.C. 20001, oag.dc.gov/consumer-protection, Telephone: 202-442-9828.

Scroll to Top