CHARLOTTE, N.C., May 8, 2020 /PRNewswire/ — Although unaware of any actual or attempted misuse, HEPACO, LLC (“HEPACO”) is providing notice of a data privacy event impacting the security of information relating to certain current and former employees and clients.
What Happened? On August 20, 2019, HEPACO became aware of suspicious activity relating to certain employee email accounts. HEPACO immediately launched an investigation, with the aid of forensic experts, to determine the nature and scope of the activity. The investigation determined that an unauthorized actor accessed certain employee email accounts between August 8, 2019 and October 24, 2019. HEPACO undertook a lengthy and labor-intensive process to identify the personal information contained in the affected email accounts, and then reviewed its internal records to locate the appropriate mailing addresses for the impacted individuals. HEPACO is providing notice to the individuals whose information was present in the affected email accounts at the time of the incident and may have been viewed by the unauthorized actor.
What Information Was Affected? The accessed email account contained information relating to certain current and former HEPACO employees and clients. The type of information affected varies per individual, and includes one or more of the following types of information: name, date of birth, Social Security number, financial account number, medical or health information related to employment, driver’s license number, credit or debit card number, electronic signature, and username or email address and password. For a very small number of individuals, a passport number may have been affected.
Although they cannot confirm that any individual’s personal information was actually accessed, or viewed without permission, HEPACO is providing this notice out of an abundance of caution. HEPACO does not have any evidence of actual or attempted misuse of any individual’s information as a result of this incident.
How will individuals know if they are affected by this incident? HEPACO is mailing notice letters to the individuals for whom they have valid mailing addresses whose protected information was contained within the affected email accounts and may have been accessed or acquired by an unauthorized actor. If an individual did not receive a letter but would like to know if they are affected, they may call the hotline listed below.
What Are We Doing? HEPACO takes the security of personal information in its care very seriously. HEPACO has security measures in place to protect the information in its possession and they continue to assess and update its security measures and training to employees to safeguard the privacy and security of information in its care. This incident has been reported to certain state regulators, and Attorneys General. They are also offering the impacted individuals access to complimentary credit monitoring services as an added precaution. Because HEPACO has insufficient contact information for some of the individuals whose information may be contained in the impacted email accounts, they are providing notice to those potentially impacted individuals by way of a notification published to certain state media outlets.
Whom should individuals contact for more information? If individuals have questions or would like additional information, they may call HEPACO’s dedicated assistance line at (877) 873-7523 (toll free), Monday through Friday, 9:00 a.m. to 7:00 p.m., Eastern Time.
What can individuals do to protect their information? While HEPACO is unaware of any actual or attempted misuse of any information involved in this incident, they encourage those potentially impacted by the event to take steps to better protect against identity theft and fraud if they feel it is appropriate to do so.
Monitor Your Accounts. To protect against the possibility of identity theft or other financial loss, HEPACO encourages you to remain vigilant, to review your financial and other account statements, and to monitor your credit reports for suspicious activity.
Credit Reports. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
Security Freeze. You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:
If you request a security freeze with the above consumer reporting agencies, you may need to provide the following information:
- Your full name (including middle initial as well as Jr., Sr., II, III, etc);
- Social Security Number;
- Date of birth;
- If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
- Proof of current address such as a current utility bill or telephone bill; and
- A legible photocopy of a government issued identification card (state driver’s license or ID card, military information, etc.)
To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove the security freeze.
As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below:
Additional Information. You can further educate yourself regarding identity theft, and the steps you can take to protect yourself, by contacting your state Attorney General or the Federal Trade Commission. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.ftc.gov/idtheft; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC or your state’s Attorney General. This notice was not delayed by a law enforcement investigation. For Maryland residents, the Attorney General can be contacted by mail at 200 St. Paul Place, Baltimore, MD, 21202; toll-free at 1-888-743-0023; by phone at (410) 576-6300; consumer hotline (410) 528-8662; and online at www.marylandattorneygeneral.gov. For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violator. You may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580. For New York Residents: The New York Attorney General provides resources regarding identity theft protection and security breach response at www.ag.ny.gov/internet/privacy-and-identity-theft. The New York Attorney General can be contacted by phone at 1-800-771-7755; toll-free at 1-800-788-9898; and online at www.ag.ny.gov. For North Carolina Residents: The North Carolina Attorney General can be contacted by mail at 9001 Mail Service Center, Raleigh, NC 27699-9001; toll-free at 1-877-566-7226; by phone at 1-919-716-6400, and online at www.ncdoj.gov. For Rhode Island Residents: The Rhode Island Attorney General can be reached at: 150 South Main Street, Providence, Rhode Island 02903, www.riag.ri.gov, 1-401-247-4400. Under Rhode Island law, you have the right to obtain any police report filed in regard to this incident. There are an unknown number of Rhode Island residents impacted by this incident.
SOURCE HEPACO, LLC