OHLA USA notifies people about data privacy incident

19
OHLA USA notifies people about data privacy incident

OHLA USA , formerly OHL North America (“OHLA”), a construction and engineering company based at 26-15 Ulmer Street, Flushing, New York , announced that it sent notification letters by mail to individuals whose information may have been involved in an incident involving unauthorized access to certain files containing employee payroll records and information related to the benefit plan for OHLA employees.

With extreme caution and to redirect some notification letters that were returned as undeliverable, OHLA has created a web page at www.ohlna.com. It contains a copy of the notification sent and information on certain credit monitoring services that are offered to affected persons.

On April 13, 2021, OHLA discovered that a third party accessed its system and extracted certain files sometime between March 18 and April 8, 2021. OHLA believes that the files accessed included records of employee payroll and information related to OHLA’s employee benefit plan.

Also Read: How CISOs Can Effectively Assess the Health of Cybersecurity Programs

These files included, among other things, names, addresses, telephone numbers, part or all of the social security numbers, and certain bank account information, but not passwords or access codes. OHLA reported the incident to the authorities and immediately began an investigation to secure their surroundings, expel the third party and determine the time of the incident.

On May 4, 2021, OHLA began sending notification letters by postal mail to individuals whose personal information may have been contained in the accessed files. That notice included an offer from OHLA to provide 24 months of courtesy of credit monitoring and identity protection services to affected individuals.

OHLA also informed affected persons that they should be alert by reviewing their financial statements and credit reports and, if any suspicious activity is detected, immediately notify their financial institution or company and report any alleged incident of theft of identity to the authorities or your Attorney General.

To reduce the risk of something like this happening again, OHLA is updating its policies and procedures, reviewing its security measures and working to apply additional safeguards to protect its environment from future threats.

For more such updates follow us on Google News ITsecuritywire News.