Sound Generations Notifies its Clients and Other Affected Individuals of Data Security Incidents

47
Sound Generations Notifies its Clients and Other Affected Individuals of Data Security Incidents

Out of an abundance of caution, Sound Generations informs its clients and Other Affected Individuals of two data security incidents that may have resulted in unauthorized access of personal information. Sound Generations sincerely apologizes for these incidents and any inconvenience it may cause to its clients and Other Affected Individuals.  While Sound Generations is unaware of any fraudulent misuse of the personal information at this time, Sound Generations is providing details about the events, steps that Sound Generations is taking in response, and resources available to help its clients and Other Affected Individuals to protect against the potential misuse of their information.

Notification letters are being mailed to affected individuals. This notice is intended for those individuals who may not receive the notification letter because of incorrect or incomplete mailing addresses.

Our Organization: Sound Generations is a comprehensive 501c3 non-profit organization that serves older adults and adults with disabilities in King County, Washington. Our organization is Washington State’s largest provider of comprehensive services for aging adults in King County.  We strive to expand the provision of food security, transportation, health & wellness, and assistance services to underserved and marginalized populations. Our programs and affiliated service sites provide accessible resources and services across King County.

What HappenedSound Generations discovered that an unauthorized party gained access to its computer systems and encrypted information stored on our systems on July 18, 2021 and September 18, 2021. Sound Generations terminated the unauthorized access, and promptly commenced an investigation to determine the scope of the incidents. The investigation was unable to rule out that information stored on Sound Generations’ systems may have been accessed by an unauthorized party. After the conclusion of the third party’s forensics investigations, Sound Generations conducted its own investigation and due diligence to identify the affected individuals and the nature of their personal information that may have been compromised.  Sound Generations has determined that some of its client information has been potentially impacted following the incidents. This investigation was necessary to provide accurate information and notice to the potentially impacted individuals. To date, Sound Generations has no reason to believe that there was a misuse of the information pertaining to the potentially impacted individuals.

Also Read: Women in Cyber security Leadership: Dumping the Boys’ Club Rule Book

What Information Was Involved:  The personal information Sound Generations receives is typically limited to demographic and health information, including name, address, phone number, email, date of birth, and whether or not its clients have health insurance. For those individuals who participated in the EnhanceFitness program, their data may also include their health insurance number. Health history and health condition may also be included for those individuals who provided this information to Sound Generations. Please note that Sound Generations does not collect or store any of its client’s Social Security Numbers, drivers’ license numbers, financial account information, credit or debit card information.

Please note, however, that since becoming aware of these incidents, Sound Generations has received no indication that its client information has been used by the unauthorized actor or by any unauthorized party to commit fraud.  Sound Generations is providing notice of the incidents to its clients and Other Affected Individuals out of an abundance of caution.

What We Are DoingSound Generations values the privacy of its client information and will continue to do everything it can to protect it. Since the incident, Sound Generations has greatly enhanced its cybersecurity controls, including changing passwords and installing additional security on its systems.

What You Can Do:

  • You should always remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and by monitoring your credit report for suspicious or unusual activity.
  • Please notify your financial institution immediately if you detect any suspicious activity on any of your accounts, including unauthorized transactions or new accounts opened in your name that you do not recognize. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.
  • You can request a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is listed below.
  • You have the right to file or obtain a police report if you experience identity fraud. Please note that in order to file a crime report or incident report with law enforcement for identity theft, you will likely need to provide proof that you have been a victim. A police report is often required to dispute fraudulent items. You can generally report suspected incidents of identity theft to local law enforcement or to the Attorney General.
  • You can take steps recommended by the Federal Trade Commission to protect yourself from identity theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.

For more such updates follow us on Google News ITsecuritywire News