EAST HOUSE PROVIDES NOTICE OF DATA PRIVACY EVENT
Rochester, New York – February 17, 2020 – Although we are unaware of any actual or attempted misuse, East House is providing notice of a data privacy event impacting the security of information relating to certain current and former residents and current, former, and prospective East House employees.
What happened? On July 25, 2019, East House became aware of suspicious activity relating to an employee email account. We immediately launched an investigation to determine what may have happened. Working together with a leading computer forensics firm, East House determined that an unauthorized individual or individuals accessed one (1) employee email account between July 8, 2019 and July 25, 2019, and sensitive information contained therein was accessible to unknown individuals. On November 13, 2019, we identified the individuals potentially impacted by this incident after a thorough programmatic and manual review of the email account. East House has worked since this time to locate valid mailing addresses for the potentially impacted individuals in order to provide notice of this event.
What information may have been affected by this incident? The accessed email account contained information related to certain current and former East House residents, as well as current, former, and prospective employees. The type of information affected varies per impacted individual, and includes one or more of the following types of information: name, date of birth, Social Security number, driver’s license number or state identification card number, treatment and/or health-related information. For a very small number of individuals, financial account numbers were also affected.
Although we cannot confirm that any individual’s personal information was actually accessed, or viewed without permission, we are providing this notice out of an abundance of caution. We do not have any evidence of actual or attempted misuse of any individual’s information as a result of this incident.
How will individuals know if they are affected by this incident? East House is mailing notice letters to the individuals for whom we have valid mailing addresses whose protected information was contained within the affected email account and may have been accessed or acquired by an unauthorized actor. If an individual did not receive a letter but would like to know if they are affected, they may call the hotline listed below.
What is East House doing? Information privacy and security are among our highest priorities. We have strict security measures to protect the information in our possession. Upon learning of this incident, East House quickly changed all employee email account passwords and took steps to secure the accounts. East House is currently implementing additional technical safeguards as well as training and education for employees to prevent similar future incidents. We are also offering the impacted individuals access to complimentary credit monitoring services as an added precaution. Because East House has insufficient contact information for some of the individuals whose information may be contained in the impacted email account, we are providing notice to those potentially impacted individuals by way of a notification published to certain state media outlets.
Whom should individuals contact for more information? If individuals have questions or would like additional information, they may call our dedicated assistance line at 833-947-1417 (toll free), Monday through Friday, 9:00 a.m. to 9:00 p.m., Eastern Time.
What can individuals do to protect their information? While East House is unaware of any actual or attempted misuse of any information involved in this incident, we encourage those potentially impacted by the event to take steps to better protect against identity theft and fraud if they feel it is appropriate to do so.
Monitor Your Accounts. To protect against the possibility of identity theft or other financial loss, East House encourages you to remain vigilant, to review your account statements, and to monitor your credit reports for suspicious activity.
Credit Reports. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
Security Freeze. You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. In order to request a security freeze, you will need to supply your full name, address, date of birth, Social Security number, current address, all addresses for up to five previous years, email address, a copy of your state identification card or driver’s license, and a copy of a utility bill, bank or insurance statement, or other statement proving residence.
Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:
PO Box 9554
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
PO Box 105788
Atlanta, GA 30348-5788
To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove the security freeze.
As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below:
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
P.O. Box 105069
Atlanta, GA 30348
Additional Information. You can further educate yourself regarding identity theft, and the steps you can take to protect yourself, by contacting your state Attorney General or the Federal Trade Commission. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.ftc.gov/idtheft; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC or your state’s Attorney General. This notice was not delayed by a law enforcement investigation.
For Maryland residents, the Attorney General can be contacted by mail at 200 St. Paul Place, Baltimore, MD, 21202; toll-free at 1-888-743-0023; by phone at (410) 576-6300; consumer hotline (410) 528-8662; and online at www.marylandattorneygeneral.gov. For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violator. You may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580. For New York Residents: The New York Attorney General provides resources regarding identity theft protection and security breach response at www.ag.ny.gov/internet/privacy-and-identity-theft. The New York Attorney General can be contacted by phone at 1-800-771-7755; toll-free at 1-800-788-9898; and online at www.ag.ny.gov. For North Carolina Residents: The North Carolina Attorney General can be contacted by mail at 9001 Mail Service Center, Raleigh, NC 27699-9001; toll-free at 1-877-566-7226; by phone at 1-919-716-6400, and online at www.ncdoj.gov.