Rehabilitation Support Services notifies current and former employees and clients of IT security incident

4817-9435-1610.1
Rehabilitation Support Services
Altamont, NY — Rehabilitation Support Services, Inc. (“RSS”) recently discovered an
incident that may affect the security of personal and protected health information of some
of its employees and clients. RSS has sent notification of this incident to potentially
impacted individuals and is providing resources to assist them.
After noticing suspicious activity on its systems on June 1, 2021, RSS launched an
investigation to determine the nature and scope of the suspicious activity. Working with
outside computer forensics specialists, RSS later determined that an unknown actor
accessed the RSS network, removed certain information from it and published the
information on a dark web website in connection with the incident.
RSS undertook a comprehensive and time-intensive review of all files that were impacted
to determine whether protected health information and/or personal information was
present in files. On August 5, 2021, RSS identified information belonging to certain current
or former employees and clients in the published documents. RSS immediately worked
to identify current address information for these individuals and notify them accordingly.
The information accessed by the unauthorized actor varies per individual but may include:
name, address, date of birth, Social Security number, health insurance information,
and/or medical diagnosis or treatment information. Currently, there is no evidence of the
misuse of any information involved in this incident to commit identity theft. Nevertheless,
notice of this incident was sent to the potentially impacted individuals beginning on
September 8, 2021.
In addition to informing potentially impacted individuals about the incident, the notification
letter includes steps that potentially impacted individuals can take to protect their
information and offers these individuals access to complimentary identity monitoring and
protection services. RSS recommends that individuals enroll in the services provided and
follow the recommendations contained within the notification letter to ensure their
information is protected.
RSS has reported this incident to law enforcement and is cooperating with the FBI in
hopes of holding the perpetrator accountable. RSS is also reporting this incident to certain
regulatory authorities, as required.
At RSS, the privacy of employees and clients is of the utmost importance. RSS deeply
regrets any concern or inconvenience this incident may cause.
RSS is committed to the welfare of its employees and clients and to protecting their
information and has established a dedicated assistance line for individuals seeking
additional information regarding this incident. Individuals seeking additional information
may call the toll-free assistance line at 1-800-710-2138. This toll-free line is available from
9:00 AM to 9:00 PM Eastern Time, Monday through Friday, excluding U.S. holidays.
RSS is also providing the following information to help those who want to know
more about steps they can take to protect themselves and their personal
information:
What steps can I take to protect my personal information?
• Please notify your financial institution immediately if you detect any suspicious activity on
any of your accounts, including unauthorized transactions or new accounts opened in your
name that you do not recognize. You should also promptly report any fraudulent activity
or any suspected incidents of identity theft to proper law enforcement authorities.
• You can request a copy of your credit report, free of charge, directly from each of the three
nationwide credit reporting agencies. To do so, free of charge once every 12 months,
please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact
information for the three nationwide credit reporting agencies is listed at the bottom of this
page.
• You can take steps recommended by the Federal Trade Commission to protect yourself
from identity theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.
• Additional information on what you can do to better protect yourself is included in your
notification letter.
How do I obtain a copy of my credit report?
You may obtain a free copy of your credit report from each of the three major credit reporting
agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free
877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual
Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one
of the following three national credit reporting agencies:
TransUnion
P.O. Box 1000
Chester, PA 19016
1-800-916-8800
www.transunion.com
Experian
P.O. Box 2002
Allen, TX 75013
1-888-397-3742
www.experian.com
Equifax
P.O. Box 740241
Atlanta, GA 30374
1-888-548-7878
www.equifax.com
How do I put a fraud alert on my account?
You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free
and will stay on your credit file for one year. The alert informs creditors of possible fraudulent
activity within your report and requests that the creditor contact you prior to establishing any
accounts in your name. To place a fraud alert on your credit report, contact any of the three credit
reporting agencies identified above. Additional information is available at
http://www.annualcreditreport.com.
How do I put a security freeze on my credit reports?
You have the right to place a security freeze on your credit report. A security freeze is intended
to prevent credit, loans and services from being approved in your name without your consent. To
place a security freeze on your credit report, you need to make a request to each consumer
reporting agency. You may make that request by certified mail, overnight mail, or regular stamped
mail, or online by following the instructions found at the websites listed below. You will need to
provide the following information when requesting a security freeze (note that if you are making a
request for your spouse, this information must be provided for him/her as well): (1) full name, with
middle initial and any suffixes; (2) Social Security number; (3) date of birth; and (4) address. You
may also be asked to provide other personal information such as your email address, a copy of a
government-issued identification card, and a copy of a recent utility bill or bank or insurance
statement. It is essential that each copy be legible and display your name, current mailing
address, and the date of issue. There is no charge to place, lift, or remove a freeze. You may
obtain a security freeze by contacting any one or more of the following national consumer
reporting agencies:
Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348
1-800-685-1111
www.equifax.com
Experian Security Freeze
PO Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com
TransUnion (FVAD)
PO Box 2000
Chester, PA 19022
1-800-909-8872
www.transunion.com
What should I do if my family member is deceased and their information was involved in the
incident?
You may choose to notify the three major credit bureaus, Equifax, Experian and TransUnion, and
request they flag the deceased credit file. This will prevent the credit file information from being
used to open credit. To make this request, mail a copy of your family member’s death certificate
to each company at the addresses below.
Equifax
Equifax Information Services
P.O. Box 105169,
Atlanta, GA 30348
Experian
Experian Information Services
P.O. Box 9701
Allen, TX 75013
TransUnion
Trans Union Information Services
P.O. Box 2000
Chester, PA 19022
What should I do if my minor child’s information is involved in the incident?
You can request that each of the three national credit reporting agencies perform a manual search
for a minor’s Social Security number to determine if there is an associated credit report. Copies
of identifying information for the minor and parent/guardian may be required, including birth or
adoption certificate, Social Security card and government issued identification card. If a credit
report exists, you should request a copy of the report and immediately report any fraudulent
accounts to the credit reporting agency. You can also report any misuse of a minor’s information
to the FTC at https://www.identitytheft.gov/. For more information about Child Identity Theft and
instructions for requesting a manual Social Security number search, visit the FTC website:
https://www.consumer.ftc.gov/articles/0040-child-identity-theft. Contact information for the three
national credit reporting agencies may be found above.