Cybersecurity News

Allegheny Intermediate Unit – Notice of Data Privacy Event

HOMESTEAD, Pa., May 20, 2020 /PRNewswire/ — The Allegheny Intermediate Unit (“AIU”) today is providing additional information about a recent event that may impact the privacy of some personal data related to its current and former employees, job seekers who used the AIU’s PA-Educator.net website, and certain students.  While it is unaware of any actual or attempted misuse of information, the AIU is providing information about the event, its response, and steps individuals can take to better protect against personal misuse of your information. This notification is meant to supplement our February 7, 2020 notification and is not notice of a new incident.

What happened?    On October 28, 2019, the AIU discovered that certain servers within its systems had been infected with malware known as ransomware that prevented it from accessing some of its files.  The AIU immediately began working with its in-house information technology department and third-party specialists to determine the nature and scope of the incident.  The AIU determined that it had backup versions of the most critical information and was able to restore access to the affected files without engaging or paying the unknown intruder.  The AIU later determined the unauthorized individual who introduced the malware may have had access to servers containing protected personal information.

What information was involved?  The AIU has no evidence the unknown actor actually accessed or acquired any information stored on AIU servers.  However, some of the servers stored personal information.  The investigation determined that the personal information which was present on servers that could have been accessed included names, mailing addresses, email addresses, Social Security Numbers, and drivers’ license numbers.

What is the AIU doing?  The AIU takes this incident, and the security of information in its possession very seriously.  It is continuing to review its policies and procedures and enhancing the security of its information systems to mitigate the risk an incident like this will occur in the future.  Though it does not have any evidence that personal information was accessed or acquired by the unauthorized individual, it is providing this notice out of an abundance of caution.  The AIU is also providing credit monitoring to potentially affected individuals. 

What you can do.  While the AIU has no evidence that any personal information was subject to unauthorized access, or has been or will be misused, it encourages anyone who thinks their information may have been impacted to monitor financial accounts and notify their bank immediately if they detect unauthorized or unusual activity.  Please review the enclosed Steps You Can take to Protect Your Information.

For more information.  If there are additional questions, the AIU established a dedicated assistance line at 1-833-579-1098 during 9am9pm Eastern Time, Monday through Friday except U.S. holidays.  Those individuals who believe they are impacted may also contact this number to enroll in the complimentary credit monitoring services.

The AIU encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports for suspicious activity.  Under U.S. law individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus.  To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report.

Individuals have the right to place a “security freeze” on their credit report, which will prohibit a consumer reporting agency from releasing information in a credit report without express authorization.  The security freeze is designed to prevent credit, loans, and services from being approved without consent.  However, individuals should be aware that using a security freeze to take control over who gets access to the personal and financial information in a credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application made regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, individuals cannot be charged to place or lift a security freeze on a credit report.  Should individuals wish to place a security freeze, please contact the major consumer reporting agencies listed below:

Experian

PO Box 9554

Allen, TX 75013

1-888-397-3742

www.experian.com/freeze/center.html

 

TransUnion

P.O. Box 2000

Chester, PA 19016

1-888-909-8872

www.transunion.com/credit-freeze

Equifax

PO Box 105788

Atlanta, GA 30348-5788

1-800-685-1111

www.equifax.com/personal/credit-report-services

 

In order to request a security freeze, individuals will need to provide the following information:

  1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
  7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.

As an alternative to a security freeze, individuals have the right to place an initial or extended “fraud alert” on their file at no cost.  An initial fraud alert is a one-year alert that is placed on a consumer’s credit file.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.  If individuals are a victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should individuals wish to place a fraud alert, please contact any one of the agencies listed below:

Experian

P.O. Box 2002

Allen, TX 75013

1-888-397-3742

www.experian.com/fraud/center.html

TransUnion

P.O. Box 2000

Chester, PA 19106

1-800-680-7289

www.transunion.com/fraud-victim-resource/place-fraud-alert

Equifax

P.O. Box 105069

Atlanta, GA 30348

1-888-766-0008

www.equifax.com/personal/credit-report-services

The Federal Trade Commission (“FTC”) can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The FTC also encourages those who discover that their information has been misused to file a complaint. Individuals can obtain further information on how to file such a complaint by way of the contact information listed above. Individuals have the right to file a police report if they ever experience identity theft or fraud.  Please note that in order to file a report with law enforcement for identity theft, individuals will likely need to provide some proof that they have been a victim.  Instances of known or suspected identity theft should also be reported to law enforcement and the Pennsylvania Attorney General.

Cision View original content:http://www.prnewswire.com/news-releases/allegheny-intermediate-unit—notice-of-data-privacy-event-301063098.html

SOURCE Allegheny Intermediate Unit

Print Friendly, PDF & Email