Cyber Breach

NOTIFICATION OF A DATA BREACH

Kingston, NY — Family of Woodstock, Inc. (“FOW”) is a non-profit network of individuals whose mission is to provide fully accessible crisis intervention, information, prevention, and support services to address the needs of individuals and families. FOW provides extensive services in the areas of homelessness, domestic violence, emergency shelter, child care, reentry and restorative justice services.

FOW announced today that it recently became aware of a data privacy incident impacting its servers, which contained protected health and personal information of some of FOW’s clients and employees. FOW is committed to keeping the community informed, communicating about the steps it is taking toward resolution, and ensuring impacted individuals have the tools they need to minimize the impact of the incident. As such, FOW sent notification of this incident to potentially impacted individuals and is providing resources to assist them.

On August 3, 2021, FOW discovered that they were the victim of a sophisticated cyber incident. After discovering the incident, FOW quickly took steps to secure and safely restore its systems and operations. Further, FOW immediately engaged third-party forensic experts to conduct a thorough investigation of the incident’s nature and scope and assist in remediation efforts, and contacted both the local district attorney and the FBI. On September 11, 2021, FOW concluded its initial investigation and determined that the incident potentially involved protected health and personal information.

FOW is notifying those potentially impacted by this incident by mail (if possible) and providing steps that can be taken to protect their information, including complimentary identity monitoring and protection services. FOW recommends that these individuals enroll in the services provided and follow the recommendations contained within the notification letter to increase the likelihood that their information remains protected. As of the date of this release, FOW has no evidence indicating misuse of any information. Notification to individuals potentially affected by this incident is being performed out of an abundance of caution and pursuant to the organization’s obligations under the Health Insurance Portability and Accountability Act (HIPAA).

Further, after reviewing the potentially impacted protected health and personal information, FOW determined that it may include demographic information (i.e., first and last names, addresses, telephone numbers, email addresses, dates of birth), social security numbers, driver’s license numbers, medical information (i.e., medical record numbers, medical history, diagnosis, treatment, condition, or similar medical information), and health insurance information.

 As stated above, it is important to note that FOW has no evidence of misuse of any information as of the date of this release.

In response to this incident, FOW has implemented cybersecurity safeguards; is enhancing its cybersecurity policies, procedures, and protocols; and is implementing additional employee cybersecurity training.

As a precautionary measure, FOW recommends that individuals remain vigilant by closely reviewing their account statements and credit reports. If individuals detect any suspicious activity, FOW strongly advises that they promptly notify the financial institution or company that maintains the account. Please see “Other Important Information” for more information and tips regarding protecting personal information and safeguarding from identity theft.

For individuals seeking more information or questions, please call the dedicated toll-free helpline set up specifically for this purpose at 1-800-405-6108, Monday through Friday, 8:00am. to 8:00 p.m. (EST). In addition, individuals seeking to contact FOW directly may write to P.O. Box 3516, Kingston, NY 12402 or email cyberinquiry@familyofwoodstockinc.org

OTHER IMPORTANT INFORMATION

Obtain and Monitor Your Credit Report. We recommend that you obtain a free copy of your credit report from each of the three nationwide credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348.  You can access the request form at https://www.annualcreditreport.com/requestReport/requestForm.action

Alternatively, you can elect to purchase a copy of your credit report by contacting one of the three national credit reporting agencies. The three nationwide credit reporting agencies’ contact information are provided below to request a copy of your credit report or general identified above inquiries.

Equifax                            Experian                             TransUnion
(888) 766-0008             (888) 397-3742                    (800) 680-7289
P.O. Box 740256              P.O. Box 2104                      P.O. Box 6790
Atlanta, GA 30374          Allen, TX 75013                Fullerton, CA 92834
www.equifax.com         www.experian.com        www.transunion.com

Security Freeze (also known as a Credit Freeze). Following is general information about how to request a security freeze from the three credit reporting agencies. While we believe this information is accurate, you should contact each agency for the most accurate and up-to-date information. A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization.  However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing, or other services. In addition, in some states, the agency cannot charge you to place, lift or remove a security freeze.  There might be additional information required, and as such, to find out more information, please contact the three nationwide credit reporting agencies (contact information provided above).


Equifax Security Freeze P.O. Box 105788 Atlanta, GA 30348 https://www.equifax.com/personal/credit-report-services/credit-freeze/
Experian Security Freeze P.O. Box 9554 Allen, TX 75013 www.experian.com/freeze  TransUnion Security Freeze & Fraud Victim Assistance Dept. P.O. Box 6790 Fullerton, CA 92834 https://www.transunion.com/credit-freeze  

Consider Placing a Fraud Alert on Your Credit Report. You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least twelve months. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you before establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three nationwide credit reporting agencies identified above. Additional information is available at https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/

Remain Vigilant, Review Your Account Statements and Notify Law Enforcement of Suspicious Activity. As a precautionary measure, we recommend that you remain vigilant by closely reviewing your account statements and credit reports. If you detect any suspicious activity on an account, we strongly advise that you promptly notify the financial institution or company that maintains the account. Further, you should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including your state attorney general and the Federal Trade Commission (FTC). To file a complaint or to contact the FTC, you can (1) send a letter to the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to IdentityTheft.gov/databreach; or (3) call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.

Take Advantage of Additional Free Resources on Identity Theft. We recommend that you review the tips provided by the Federal Trade Commission’s Consumer Information website, a valuable resource with some helpful tips on how to protect your information. Additional information is available at https://www.consumer.ftc.gov/topics/privacy-identity-online-security. For more information, please visit IdentityTheft.gov or call 1-877-ID-THEFT (877-438-4338). In addition, a copy of Identity Theft – A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft, can be found on the FTC’s website at https://www.consumer.ftc.gov/articles/pdf 0009_identitytheft_a_recovery_plan.pdf.