Red Roof confirmed today that they experienced a data incident on September 23, 2023 and issued notices to potentially-affected individuals and relevant state agencies about the incident.
What Happened?
On September 23, 2023, Red Roof detected suspicious activity within its systems and immediately began an investigation. The activity was soon identified as bearing the hallmarks of a ransomware attack, including the encryption of a limited subset of Red Roof data. Upon discovery, Red Roof immediately took the affected systems offline and began working to remedy the situation, including resetting passwords and reporting the situation to federal law enforcement. As a result of its incident response measures, Red Roof successfully confined the unauthorized access to only a small number of systems compared to its overall infrastructure.
Red Roof engaged leading data security professionals to support its investigation and response. Red Roof’s investigation found that an unauthorized actor gained access to a limited number of Red Roof’s systems before deploying ransomware. The investigation was also able to confirm that a limited amount of data was copied from Red Roof’s network. Accordingly, Red Roof analyzed the relevant data to confirm the identities of individuals whose information was potentially involved for the purpose of sending this notification. There is currently no indication that any Information has been misused for identity theft or fraud in connection with this Incident.
What Information Was Involved?
Red Roof can confirm that the Incident did not involve any Red Roof guest data. Red Roof determined that the categories of personal information in the copied data included, but were limited to, name, date of birth, social security number, driver’s license number, passport number, financial account number, credit and/or debit card number, medical information, and health insurance information. Please note that the circumstances are different for each individual. This notice describes the general categories of information involved in the incident, and not every category applies to each individual.
What Red Roof Is Doing.
Upon becoming aware of the unauthorized activity, Red Roof immediately implemented measures to further improve the security of Red Roof’s information technology systems and practices, including implementing software and hardware to prevent, detect, and respond to unauthorized activity, resetting and strengthening passwords, implementing new risk management protocols, and adopting new network access policies. Red Roof worked with leading cybersecurity experts to aid its investigation and response, and Red Roof reported this incident to relevant government agencies and federal law enforcement.
Additionally, although Red Roof is not aware of any misuse of any affected individuals’ Information for identity theft or fraud in relation to the Incident, Red Roof is offering credit monitoring services free of charge to potentially affected individuals for 24 months. Towards that end, we secured the services of IDX, a ZeroFox Company, to provide identity monitoring services including Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
Also Read: Two Types of DDoS Attacks to Look out for in 2024
What Individuals Can Do.
Red Roof encourages potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their free credit reports for suspicious activity and to detect errors.
Potentially affected individuals can also enroll in the credit monitoring services that Red Roof is offering at no cost.
Potentially affected individuals seeking additional information, including information about whether their Information was involved and their eligibility for complimentary credit monitoring, may call Red Roof’s toll-free assistance line at 1-888-566-6357, Monday through Friday from 9am– 9pm Eastern Time.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
