We experienced a security incident in April where client data may have been compromised. Our team caught it immediately and we notified regulators and law enforcement, and are actively assisting the FBI in its ongoing investigation into the incident. We take the security of information entrusted to us seriously and regret this incident occurred. We have taken steps to ensure this doesn’t happen again.
In accordance with individual state laws regarding proper notification to affected people following a data breach, we mailed individual letters making those affected aware of the incident and provided steps to ensure that data was not misused. A copy of the letter sent to customers is available below:
We immediately changed all system passwords and restored all servers. We implemented tighter firewall restrictions and all systems were patched to the latest patch level. We also notified and met with the FBI and launched an internal investigation with a third-party forensic specialist to learn how exactly the incident occurred. We also alerted the state attorneys general.
In the weeks since the breach, we have undergone a SOC2 Type II audit, which covers data security, availability, integrity, confidentiality, and privacy processes, and a penetration test, to ensure that our security standards are to the absolute highest levels.
We are sorry this incident occurred. The steps that we have taken since are to ensure the future safety and trust of current and future customers. If you have any questions, please email us at email@example.com or call 855-762-5383.