STG International, Inc. (“STGi”) is providing notice of a recent event that may impact the privacy of certain individuals’ information. STGi is unaware of any actual or attempted misuse of individuals’ information as a result of this event.
What Happened? STGi became aware of suspicious activity related to an employee’s email account and promptly commenced an investigation to determine the nature and scope of the activity. The investigation determined that an email phishing campaign targeted certain employees’ email accounts and resulted in unauthorized person(s) intermittently logging into the accounts between October 22, 2020 and January 12, 2021.
However, the investigation was unable to determine which, if any, emails and attachments in the account were viewed by the unauthorized person(s). Out of an abundance of caution, STGi undertook a thorough review of the accounts’ contents to determine whether they contained any sensitive information. STGi recently completed this review and determined, on May 3, 2021, that information related to certain individuals was present in the email account during the relevant time period. STGi took additional steps to identify address information for individuals and worked to provide notice of this event as quickly as possible.
What Information Was Involved? STGi cannot confirm if the unauthorized person(s) accessed or viewed any specific information relating to individuals. However, STGi determined that the information present in the relevant accounts included a combination of certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, U.S. alien registration numbers, passport numbers, taxpayer identification numbers, employer-assigned identification numbers, payment card information, medical information, health insurance information, and/or online account credentials (i.e. usernames and passwords) Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible.
What We Are Doing. STGi has taken steps to enhance the security of its systems, including resetting the affected employees’ credentials, increasing conditional access protocols for email access outside of the United States, and requiring multifactor authentication for access to email. As part of its ongoing commitment to the privacy and security of information in its care, STGi is providing enhanced training to its broader employee base on the how to detect suspicious emails. STGi is also in the process of reviewing its existing policies and procedures to better prevent future events.
As an added precaution, STGi is providing access to 12 months of complimentary credit monitoring and identity restoration services through Kroll, along with guidance on how to better protect against the possibility of information misuse. The complimentary credit monitoring services will be available to individuals whose Social Security numbers or the equivalent were accessible as a result of this event.
What You Can Do. Individuals can find out more about how to protect themselves generally against the potential misuse of information by reviewing guidance on STGi’s website titled Steps You Can Take to Protect Information. You may access that information by visiting the Notice of Privacy Event posted on STGi’s
For more such updates follow us on Google News ITsecuritywire News.