Rich Products Data Breach: SSNs and Government IDs Exposed

Rich Products Corp., a family-owned food company headquartered in Buffalo, New York, has disclosed a data breach that originated at its third-party service provider, First Advantage Corp.

The breach was reported to the New Hampshire Attorney General in a filing dated April 22, 2026. Consumer notification letters were sent out to affected individuals on April 21, 2026.

What happened in the Rich Products data breach

The breach began with a phishing attack that targeted a single employee at First Advantage Corp. The compromised account belonged to an employee in First Advantage's Drug & Occupational Health Screening Unit, a division that handles drug testing and occupational health screening processes.

On or about Nov. 13, 2025, an unauthorized third party gained access to the employee's email account. First Advantage discovered the unauthorized access four days later, on Nov. 17, 2025, and took steps to contain the incident.

The subsequent investigation determined that the attacker was able to use the compromised employee's account to download the full contents of the employee's email inbox. The incident was limited to this single email account and did not impact First Advantage's broader network, systems or service platforms, according to the filing.

The types of information exposed included first and last name, driver's license number, Social Security number and date of birth. The specific combination of information affected varies depending on the individual record, according to the notification.

Rich Products was not notified of the incident until more than four months after First Advantage first discovered the unauthorized access.

Rich Products' response to the breach

First Advantage is offering affected individuals 24 months of complimentary credit monitoring and identity protection services through Cyberscout, a TransUnion company. The package includes credit monitoring, fraud consultation and identity theft restoration. Individuals can activate their services by visiting the Cyberscout activation page.

The deadline to activate is July 21, 2026.

A dedicated call center has been established to answer questions about the incident. Affected individuals can call 833-289-5957 between 8 a.m. and 8 p.m. Eastern Time, Monday through Friday, excluding major U.S. holidays.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert with all three major credit bureaus: Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-909-8872).
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts or credit inquiries.
• Monitor bank accounts and financial statements regularly for unauthorized transactions or suspicious activity.
• Be cautious of phishing attempts that reference Rich Products, First Advantage or this data breach by name, as scammers sometimes use real breach notifications to trick people into sharing more information.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and file a report with local law enforcement if needed.