We recently learned that certain of our clients’ personal information could have been viewed as a part of an email account compromise, when six of our staff email accounts were accessed by an unauthorized party. Upon learning of the incident, we promptly locked down the effected accounts and are now taking steps to implement additional security by adding two factor authentication to our email system. We also retained a leading forensic security firm to investigate and confirm the security of our email and computer systems. At this point, we are not aware of any fraud or identity theft to any individual as a result of this incident, and do not know if any personal information was actually obtained by an unauthorized party. Nevertheless, because there was an email account compromise and we cannot confirm exactly what, if any, information may have been obtained, we searched impacted accounts for personal information.
What Information May Have Been Involved?
The compromised accounts contained some personal information, including names, addresses, Social Security numbers, and for a small number of people drivers’ license numbers, primarily information contained in attachments to in-bound emails sent to us by our clients and inter-office email between staff.
What We Are Doing?
On July 19, 2018, we sent written notification to all potentially impacted individuals for whom we have contact information, and have arranged for complimentary identity theft protection services. If you do not receive written notification from us, but you are a client of ours, or otherwise believe you could have been impacted by this situation, please contact us using the information below.
What Can You Do?
For those who may have been impacted by this situation, we recommend, as a precautionary measure, that you remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing your account statements and monitoring credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and your state’s attorney general.
You may also wish to review the tips provided by the FTC on fraud alerts, security/credit freezes and steps that you can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). You may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
If you received notice of the incident from us, or otherwise believe you could have been impacted and you have questions, please call 612-259-3199 during normal business hours.