What Happened
In November 2018, IIABA was the victim of a security incident whereby an unauthorized individual obtained access to a single IIABA email mailbox. No member or for-profit affiliate data systems were involved. As part of this incident, it became evident that certain individuals' personal information (primarily consisting of current and former employees) may have been viewed, accessed, or acquired by the unauthorized individual. To the best of our knowledge, this unauthorized activity began on November 6, 2018. The activity was discovered on or around November 29, 2018.
At this time, there is no indication that any personal information was viewed or used inappropriately. However, out of an abundance of caution, we have provided notice to individuals identified as potentially affected.
What Information Was Involved
As a result of our investigation to date, we determined on March 1, 2019 that certain individuals' names, addresses, social security numbers, financial information, and other personal data may have been potentially exposed.
What We Are Doing
Upon discovery of the incident, IIABA immediately changed all relevant network passwords and alerted the technology staff to monitor closely for any subsequent events. IIABA has retained an outside forensics firm to analyze and investigate the security incident.
What You Can Do
Please review the below section entitled Steps You Can Take to Further Protect Your Information further information on steps you can take to protect your information.
For More Information
For further information and assistance, please contact Kathy Tilson or Inês Hoyle toll free at (800) 221-7917.
Sincerely,
Steve Cocke
Chief Financial Officer
Steps You Can Take to Further Protect Your Information
Review Your Account Statements and Notify Law Enforcement of Suspicious Activity
As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission.
To file a complaint with the FTC, go to www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC's Identity Theft Data Clearinghouse, which is a database made available to law enforcement agencies.
Copy of Credit Report
You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print a copy of the request form at https://www.annualcreditreport.com/cra/requestformfinal.pdf. Or you can elect to purchase a copy of your credit report by contacting one of the three national credit reporting agencies. Contact information for the three national credit reporting agencies for the purpose of requesting a copy of your credit report or for general inquiries is provided below:
Equifax
(800) 685-1111
www.equifax.com
P.O. Box 740241
Atlanta, GA 30374
Experian
(888) 397-3742
www.experian.com
535 Anton Blvd., Suite 100
Costa Mesa, CA 92626
TransUnion
(800) 916-8800
www.transunion.com
P.O. Box 6790
Fullerton, CA 92834
Fraud Alert
You may consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com.
Security Freeze
You may have the right to put a credit freeze, also known as a security freeze, on your credit file, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A credit freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. In addition, you may incur fees to place, lift and/or remove a credit freeze. Credit freeze laws vary from state to state. The cost of placing, temporarily lifting, and removing a credit freeze also varies by state, generally $5 to $20 per action at each credit reporting company. Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit reporting company. Since the instructions for how to establish a credit freeze differ from state to state, please contact the three major credit reporting companies as specified below to find out more information:
Equifax: P.O. Box 105788, Atlanta, GA 30348, www.equifax.com
Experian: P.O. Box 9554, Allen, TX 75013, www.experian.com
TransUnion LLC: P.O. Box 2000, Chester, PA, 19022-2000, freeze.transunion.com
You can obtain more information about fraud alerts and credit freezes by contacting the FTC or one of the national credit reporting agencies listed above. The contact information for the Federal Trade Commission is as follows:
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
www.ftc.gov/idtheft
1-877-ID-THEFT (877-438-4338)
Additional Free Resources on Identity Theft
You may wish to review the tips provided by the Federal Trade Commission on how to avoid identity theft. For more information, please visit http://www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338).