Security Incident
Frequently Asked Questions (FAQs)
FOR INTERNAL USE ONLY
Questions About The Incident
On June 17, 2015, a human resources employee discovered, during a business trip, that he had left his Company-issued laptop computer in the pocket of his airplane seat. The employee promptly notified the major airline on which he had flown and remained in contact with the airline in an effort to recover the laptop. The laptop has not yet been recovered.
The laptop contained employees’ personal information, including names, dates of birth, Social Security numbers, home addresses and personal telephone numbers. Fortunately, the laptop did not include any credit or debit card numbers.
The laptop was protected by a strong password.
There is currently no reason to believe that your personal information has been misused.
There are several reasons:
The earliest date on which any suspicious activity could have occurred is June 17, 2015.
Although the human resources employee informed us on June 17th about the loss of the laptop, the employee did not realize until several weeks later that personal information was stored on the laptop. As soon as we received that information, we worked diligently to determine the full scope of the personal information stored on the laptop. We then moved quickly to contract for identity protection services for you, to prepare and mail a notice to all affected individuals, and to establish administrative support for your questions,
Although we have no information to suggest that the personal information on the laptop has been misused or even accessed, out of an abundance of caution, the Company is providing two years of identity protection services to all affected individuals.
The Company does not comment on personnel decisions involving other employees.
Approximately 4,000 current and former employees were affected.
We can assure you that the Company is taking this incident seriously, and we are enhancing the Company’s information security to prevent a recurrence. For example, the Company is strengthening its protections for all data, in particular data stored on mobile devices to reduce the risk of loss from those devices. We are also implementing more robust incident response procedures
Yes, we have contacted law enforcement and will cooperate fully with any police investigation.
Please know that we deeply regret this security incident. We are dedicated to the security of our employee’s information and to preventing something like this from happening again.
Follow the Company’s standard media policy regarding statements to the media. Please refer any inquiries from the news media for comments on the Company’s behalf to Roop and Company. Do not respond to any questions for the Company. Simply say: “Roop will try to provide you with answers to your questions.” Roop’s contact information is: phone number: 216.902.3800, email: media@roopco.com
Questions About Services the Company Has Arranged
Monitoring your credit reports regularly is your first line of defense. Credit monitoring is a very effective tool for becoming aware of fraudulent activity. Every week, you’ll be informed of changes to your credit report, alerting you to activities such as:
The Company is providing you with two years of free credit monitoring through Experian. This product is known as ProtectMyID® Elite.
Early detection is the key to identifying fraud and preventing the damage it can cause. Monitoring alerts make you aware of changes in your credit file that could indicate the kind of unauthorized activity commonly associated with identity theft and fraud.
ProtectMyID Elite monitors credit reports of individuals with established credit. The benefits include the following:
(a) Monitoring the Experian credit file every day and email alerts of key changes indicating possible fraudulent activity sent within 24 hours;
(b) Monthly “No Hit” alerts, if applicable;
(c) Identity theft insurance; and
(d) Fraud resolution services in which a ProtectMyID agent walks you through resolving identity theft.
No, ProtectMyIDElite monitors only the Experian credit file, not the credit files of Transunion or Equifax. However, Experian has the largest credit file of the three national credit bureaus.
Please visit www.protectmyid.com/protect and enter the activation code provided in your notification letter. You will be instructed on how to initiate your online membership. If you have any difficulty accessing this product on-line, please call Experian at (866) 751-1324 for assistance.
Yes. Individuals should promptly decide whether they wish to enroll. The deadline for enrolling is October 31, 2015.
If there are no changes to your credit report during a particular month, you will receive an “all clear” report for that month. In that case, there is nothing for you to do.
If you receive a report other than an “all clear” report, the report will reflect certain credit activity in your name that’s commonly associated with identity theft, such as applying for a new credit card or loan, a change of address, etc. If the transaction isn’t one you initiated, simply call ProtectMyID toll free and Experian will immediately put you in touch with a fraud resolution agent to find out what’s happening and work to correct the problem.
While we have no reason to believe that the laptop has ended up in the hands of an unauthorized person, you still may want to take steps to help protect yourself. In addition to enrolling in Experian’s ProtectMyID service, consider taking the following measures:
Equifax P.O. Box 740241 Atlanta, GA 30374 (888) 766-0008 | Experian P.O. Box 2104 Allen, TX 75013 (888) 397-3742 | TransUnion P.O. Box 2000 Chester, PA 19022 (800) 680-7289 |
Your first point of reference should be to the written materials received in the Notice Letter. Alternately, you should call Experian at (866) 751-1324.
Questions About Identity Theft
According to the United States Department of Justice, the terms identity theft and identity fraud “refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.”
We do not know if anyone has accessed the information on the laptop. However, we cannot eliminate the possibility that someone might access the information and attempt to misuse it. Consequently, the Company sent you a notice about the incident to make you aware of the situation and to permit you to take advantage of the ProtectMyID service that the Company has arranged. You should consider activating ProtectMyID to reduce the risk that you will be victimized by identify theft and to protect yourself if identity theft does occur.
As far as we are able to determine, your credit card and financial account information are not at risk. However, you should still check your credit reports, credit card statements, and financial account statements for suspicious activity. If you do observe any suspicious activity, you should contact Experian at (866) 751-1324 for assistance.
To date, we are not aware that anyone has been victimized by identity theft because of this security incident.
Contact Experian, explain the situation, and tell them you would like to use their ProtectMyID services.
Contact [insert name and title] at the Company so that we can keep abreast of the risk. The contact information for [insert name and title] is [contact information].
File a police report with your local police or the police in the community where the identity theft took place. Get a copy of the report or at the very least, the number of the report to submit to creditors and others who may require documentation of the crime.
File a complaint with the Federal Trade Commission. The FTC maintains a database of identity theft complaints which can be accessed by law enforcement agencies for investigations. You can report identity theft at www.ftc.gov/idtheft or by calling the following toll-free number: (877) ID-THEFT (438-4338).
For more information on recovering from identity theft and help with specific problems, read “Take Charge: Fighting Back Against Identity Theft,” a publication from the FTC. It’s available online at www.ftc.gov/idtheft (specific link is: https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf) or you can call (877) ID-THEFT to order a free copy.
If you observe suspicious activity, contact your creditors immediately. Ask to speak to someone in the security or fraud department, and follow-up in writing. If you discover a changed billing address on an existing card, close the account immediately. When you open a new account, ask that a password be used before any inquires or changes can be made on the account. When selecting a password or personal identification number avoid using easily available information or any of the information related to your name or Social Security number.
The resources below provide information about data security, privacy protection and identity theft:
Questions About Free Credit Reports
You can request a copy of your credit report yourself once a year from each of the three main credit bureaus through the Annual Credit Report Request Service by calling (877) 322-8228 or by visiting www.annualcreditreport.com. Many people choose to stagger their requests so that they receive a copy from one of the agencies every four months.
No. You can order your credit reports from all three credit bureaus for free once a year.
When reviewing your credit reports, be on the lookout for suspicious activity including:
It might be a good idea to order copies of your credit reports every three or four months for a while. How long you continue to order them is up to you. Identity thieves usually, but not always, act soon after stealing personal information. Thereafter, consider checking your credit reports at least twice a year as a general privacy protection measure.
Questions About Fraud Alerts
A fraud alert tells creditors to contact you before opening any new accounts or changing your existing accounts. Once you notify one of the three national credit bureaus of your fraud alert, the others will be notified to place a fraud alert as well. All three credit bureaus also will send you one credit report, free of charge.
Yes. You can contact any of the three national credit bureaus at the following telephone numbers or URLs:
Equifax: (888) 766-0008; www.equifax.com
Experian: (888) 397-3742; www.experian.com
TransUnion: (800) 680-7289; www.transunion.com
If you call just one of the bureaus, they will notify the other two. A fraud alert will be placed on your file with all three, and you will receive a confirming letter from all three.
A potential drawback to activating a fraud alert would occur should you attempt to open a new account. You would need to be available at either your work phone number or home phone number in order to approve opening the new credit account. If you are not available at either of those numbers, the creditor may not open the account. In addition, it may take longer to obtain credit and in some cases merchants may be hesitant to open a new account.
Fraud alerts will not necessarily prevent someone else from opening an account in your name. A creditor is not required by law to contact you if you have a fraud alert in place. If you suspect that you are or have already been a victim of identity theft, fraud alerts are only a small part of protecting your credit. You also need to pay close attention to your credit report to make sure that the only credit inquiries or new credit accounts in your file are yours.
No, placing a fraud alert does not damage your credit.
No, it will not stop you from using your credit cards. However, it may slow the process of obtaining new credit. Since the purpose of the fraud alert is to protect you from allowing someone else to open credit in your name, creditors will need to re-verify the identity of the person applying for credit.
An initial fraud alert lasts 90 days. You can remove an alert by calling the credit bureaus at the phone number given on your credit report. If you want to reinstate the alert, you can do so.
You may extend a free 90-day fraud alert by reinstating the alert when it expires. There is no limit to the number of times a free alert can be placed on your account, but the responsibility for reinstating the alert rests with you.
The credit bureaus ask for your Social Security number and other information to identify you and avoid sending your credit report to the wrong person. It is okay to give this information to the credit bureau when you call them.
Questions About A Security Freeze
A security freeze means that your credit file cannot be shared with potential creditors or other persons considering opening new accounts unless you decide to unlock your file by contacting a credit reporting agency and providing a PIN or password. Most businesses will not open credit accounts without first checking a consumer’s credit history. If your credit files are frozen, even someone who has your name and Social Security number would not likely be able to get credit in your name.
The security freeze (or credit freeze) is an option generally best reserved for people who have experienced extreme ID theft. Because the freeze essentially locks down your credit, it can be inconvenient for people who are simply seeking extra protection for their credit.
Yes, most states with credit freeze legislation provide an exemption so that credit monitoring can occur. If you reside in one of these states, there may be an extra “verification” step for you to complete during monitoring activation, but the monitoring should still be activated. Because credit freeze laws are being written into law constantly nationwide, we are not able to let you know what your state’s specific exemptions are. We recommend researching the issue on the credit bureaus’ websites or on sites explaining your state’s freeze legislation. If you have the time, it might be worth it just to try the monitoring and see if it goes through. To learn more, contact your State Attorney General’s office or visit the Federal Trade Commission’s website at www.ftc.gov/idtheft and click on the link for credit freeze information.
Other Questions
The Social Security Administration very rarely changes a person’s Social Security number. The mere possibility of fraudulent use of your Social Security number would probably not be viewed as a justification. There are drawbacks to changing your Social Security number. The absence of any history under the new Social Security number would make it difficult for you to get credit, continue college, rent an apartment, open a bank account, get health insurance, etc. In most cases, getting a new Social Security number would not be a good idea.