RMS Data Breach: Sensitive PII Exposed Including SSNs

Retail Merchandising Services Inc., a national retail merchandising company based in Brooklyn Park, Minnesota, has disclosed a data breach affecting consumers' personal information.

The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation on March 16, 2026, and affected 339 Massachusetts residents.

What Happened in the Retail Merchandising Services Breach

According to the official disclosure from Massachusetts, the breach was a result of compromised email account. The threat actor, if any, was not identified.

The types of personal information exposed in this breach include Social Security numbers and financial account information.

Steps To Take If Your Information Was Exposed

In response to the breach, RMS is providing affected individuals with several protective services at no cost through Cyberscout, a TransUnion company that specializes in fraud assistance and remediation. These services include 24 months of single bureau credit monitoring, a single bureau credit report and a single bureau credit score.

In addition to credit monitoring, RMS is offering enrolled individuals access to $1 million in identity theft insurance coverage. According to the notice, this insurance is available worldwide and covers identity theft expenses as well as unauthorized electronic fund transfer fraud.

To enroll in these services, affected individuals must visit Cyberscout's enrollment page and enter the unique code provided in their notification letter. According to the notice, individuals must enroll within 90 days from the date of the letter.

A credit freeze prevents credit bureaus from releasing information in a credit report without express authorization. This makes it much harder for someone to open new accounts using stolen information. Under federal law, placing or lifting a credit freeze is free. To place a freeze, individuals should contact all three major credit reporting bureaus:

• TransUnion: 1-800-680-7289 or www.transunion.com. For credit freezes, write to P.O. Box 160, Woodlyn, PA 19094.
• Experian: 1-888-397-3742 or www.experian.com. For credit freezes, write to P.O. Box 9554, Allen, TX 75013.
• Equifax: 1-888-298-0045 or www.equifax.com. For credit freezes, write to P.O. Box 105788, Atlanta, GA 30348-5788.

After a data breach, scammers sometimes send emails, texts or phone calls that reference the breach by name in an effort to trick people into sharing more personal information. Individuals should be cautious of any unsolicited communication that asks for personal details, even if it appears to come from Retail Merchandising Services or Cyberscout.

When in doubt, contact the company directly using information from the official notification letter.