NYSARC Columbia County Chapter (“COARC”) - Breach notification
NOTICE OF INCIDENT
What Happened?
On July 19, 2022, NYSARC Columbia County Chapter (“COARC”) detected irregular activity on their systems that was consistent with a typical ransomware attack. Out of an abundance of caution, COARC immediately began to remediate the situation including disconnecting systems, engaging data security and privacy experts, contacting law enforcement, and simultaneously beginning an investigation. Due to the complexity of the attack, the investigation is still ongoing; however, out of an abundance of caution, COARC is providing this notice.
What Information Was Involved?
Based on the information COARC generally collects and maintains, names, addresses, date of birth, social security number, and/or other state identification number may potentially be involved. Limited health information for clients may also be impacted. However, the investigation is ongoing and specific details as to what categories of information were involved are not yet available. Note that this describes general categories of information collected and maintained by COARC, and it likely includes categories that are not relevant to each individual. As soon as we are able, individual notification letters will be mailed to affected individuals with further details.
What We Are Doing.
Upon becoming aware of the incident, COARC immediately implemented measures to further improve the security of our systems and practices. We worked with a leading privacy and security firm to aid in our investigation and response, and we are reporting this incident to relevant government agencies. We also implemented additional security protocols designed to protect our network, email environment, and systems.
What Can Impacted Individuals Do?
The investigation is ongoing and the identities of individuals who were individually affected, if any, is not yet known. However, out of an abundance of caution, COARC encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Under U.S. law, individuals are entitled to one (1) free credit report annually from each of the three major credit reporting bureaus. Additional information and resources are outlined below.
Steps You Can Take to Protect Your Personal Information
To obtain a free credit report, individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.
Alternatively, affected individuals can contact the three (3) major credit reporting bureaus directly at the addresses below:
Contact information for the three nationwide credit reporting companies is as follows:
Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2104, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19022, www.transunion.com, 1-800-888-4213
Free Credit Report. We remind you to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every twelve (12) months from each of the three (3) nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available from the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Security Freeze. Security freezes, also known as credit freezes, restrict access to your credit file, making it harder for identity thieves to open new accounts in your name. You can freeze and unfreeze your credit file for free. You also can get a free freeze for your children who are under sixteen (16). And if you are someone’s guardian, conservator or have a valid power of attorney, you can get a free freeze for that person too.
How will these freezes work? Contact all three (3) of the nationwide credit reporting agencies – Equifax, Experian, and TransUnion. If you request a freeze online or by phone, the agency must place the freeze within one (1) business day. If you request a lift of the freeze, the agency must lift it within one (1) hour. If you make your request by mail, the agency must place or lift the freeze within three (3) business days after it gets your request. You also can lift the freeze temporarily without a fee.
Do not confuse freezes with locks. They work in a similar way, but locks may have monthly fees. If you want a free freeze guaranteed by federal law, then opt for a freeze, not a lock.
The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.
Fraud Alerts. A fraud alert tells businesses that check your credit that they should check with you before opening a new account. As of September 18, 2018, when you place a fraud alert, it will last one (1) year, instead of ninety (90) days. Fraud alerts will still be free and identity theft victims can still get an extended fraud alert for seven years.
Federal Trade Commission and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or avoid identity theft. You may contact the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/bcp/edu/microsites/idtheft/, 1-877-IDTHEFT (438-4338).
What Happened?
On July 19, 2022, NYSARC Columbia County Chapter (“COARC”) detected irregular activity on their systems that was consistent with a typical ransomware attack. Out of an abundance of caution, COARC immediately began to remediate the situation including disconnecting systems, engaging data security and privacy experts, contacting law enforcement, and simultaneously beginning an investigation. Due to the complexity of the attack, the investigation is still ongoing; however, out of an abundance of caution, COARC is providing this notice.
What Information Was Involved?
Based on the information COARC generally collects and maintains, names, addresses, date of birth, social security number, and/or other state identification number may potentially be involved. Limited health information for clients may also be impacted. However, the investigation is ongoing and specific details as to what categories of information were involved are not yet available. Note that this describes general categories of information collected and maintained by COARC, and it likely includes categories that are not relevant to each individual. As soon as we are able, individual notification letters will be mailed to affected individuals with further details.
What We Are Doing.
Upon becoming aware of the incident, COARC immediately implemented measures to further improve the security of our systems and practices. We worked with a leading privacy and security firm to aid in our investigation and response, and we are reporting this incident to relevant government agencies. We also implemented additional security protocols designed to protect our network, email environment, and systems.
What Can Impacted Individuals Do?
The investigation is ongoing and the identities of individuals who were individually affected, if any, is not yet known. However, out of an abundance of caution, COARC encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Under U.S. law, individuals are entitled to one (1) free credit report annually from each of the three major credit reporting bureaus. Additional information and resources are outlined below.
Steps You Can Take to Protect Your Personal Information
To obtain a free credit report, individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.
Alternatively, affected individuals can contact the three (3) major credit reporting bureaus directly at the addresses below:
Contact information for the three nationwide credit reporting companies is as follows:
Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2104, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19022, www.transunion.com, 1-800-888-4213
Free Credit Report. We remind you to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every twelve (12) months from each of the three (3) nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available from the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Security Freeze. Security freezes, also known as credit freezes, restrict access to your credit file, making it harder for identity thieves to open new accounts in your name. You can freeze and unfreeze your credit file for free. You also can get a free freeze for your children who are under sixteen (16). And if you are someone’s guardian, conservator or have a valid power of attorney, you can get a free freeze for that person too.
How will these freezes work? Contact all three (3) of the nationwide credit reporting agencies – Equifax, Experian, and TransUnion. If you request a freeze online or by phone, the agency must place the freeze within one (1) business day. If you request a lift of the freeze, the agency must lift it within one (1) hour. If you make your request by mail, the agency must place or lift the freeze within three (3) business days after it gets your request. You also can lift the freeze temporarily without a fee.
Do not confuse freezes with locks. They work in a similar way, but locks may have monthly fees. If you want a free freeze guaranteed by federal law, then opt for a freeze, not a lock.
The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.
Fraud Alerts. A fraud alert tells businesses that check your credit that they should check with you before opening a new account. As of September 18, 2018, when you place a fraud alert, it will last one (1) year, instead of ninety (90) days. Fraud alerts will still be free and identity theft victims can still get an extended fraud alert for seven years.
Federal Trade Commission and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or avoid identity theft. You may contact the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/bcp/edu/microsites/idtheft/, 1-877-IDTHEFT (438-4338).
