Although it is unknown whether a hacker actually accessed business emails, the Companies are proceeding with caution and treating this incident as though unauthorized access was obtained.
The categories of information that might have been accessible through this incident consist of employee payroll and personal benefit data, including information pertaining to participation in the Companies’ health plan. This data includes: names, Social Security numbers, home addresses, birth dates, earnings amounts, health plan ID numbers, and, in some instances, driver’s license numbers and business-issued credit cards. Additionally, some email communications regarding health plan participation, coverage, or claims (including information concerning diagnoses, medications, procedures, treatment dates, and payments sought and paid) were potentially exposed in this incident.
The customer information that might have been accessible as a result of this incident involves personal information submitted to Western States Equipment Company, including names, home and business addresses, Social Security numbers, and, in some instances, driver’s license numbers and credit card numbers.
On May 1, business IT managers learned of the phishing email and removed it from the network. After several days of investigation, they determined, on May 9, that the phishing email might have been sent due to a business network intrusion by an external threat. On May 10, they contained the external threat by restricting network access and requiring all users to reset their passwords. The Companies promptly engaged cybersecurity consultants and forensic investigators to analyze and understand the incident and to protect the private information of employees and customers. The Companies have also notified law enforcement of the incident and continue to work with them.
“We deeply regret the incident and want to extend our apologies to and express our concern about those potentially affected by this incident,” said Tom Terteling, President and CEO of the Terteling Company. “We apologize to our current and former employees, their dependents, and our customers, for both the concern and frustration this incident may cause. We are conducting a thorough review of our data privacy and security policies and procedures to reduce the risk of future incidents, and we plan to provide additional training to all of our employees in an effort to prevent any future incidents.”
The Companies have provided written notice to all potentially affected individuals as well as complimentary identity theft and credit monitoring service. All potentially affected adults may enroll free of charge in a one-year membership of Experian’s® IdentityWorksSM identity theft and credit monitoring service, which provides enrollees with access to their credit reports, credit monitoring, internet surveillance, identity restoration, and up to $1 million in identity theft insurance. A similar complimentary service is being offered for minor children. Experian’s® customer care agents can be reached at 855-726-7360 and can address questions, provide assistance with identity restoration, or discuss an alternative to enrolling in Experian® IdentityWorksSM. Additional information regarding identity theft protection and specific credit monitoring enrollment instructions is also included in the written notice mailed to potentially affected individuals.
All potentially affected individuals receiving notice are strongly encouraged to enroll in the complimentary Experian® identity monitoring service. Anyone believing he or she has been the victim of identity theft or a fraudulent transaction due to this incident is urged to contact Experian® and the Terteling Company family of businesses for assistance.
Contact: Michael Romans, 208-884-2249
View original content:http://www.prnewswire.com/news-releases/the-terteling-company-family-of-businesses-addresses-data-security-incident-300672555.html
SOURCE Terteling Company, Inc.