We are writing to notify you of an incident on behalf of our client, Title Nine Sports, Inc. ( Title Nine ).

Similar documents
September 29, 2017 VIA AND OVERNIGHT MAIL

Notice to Patients and Job Applicants Regarding Vendor Security Incident

9NFP. Return Mail Processing Center PO Box 6336 Portland, OR

Kris Kleiner Via to: March 2, 2018

NOTICE OF DATA BREACH

May 15, VIA

Noble House Hotels & Resorts Notifies Guests of Payment Card Security Incident

James E. Prendergast 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

3. Steps you have taken or plan to take relating to the incident.

Sian M. Schafle 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

Paul T. McGurkin, Jr Drummers Lane, Suite 302 Office: Wayne, PA Fax:

August 12, 2016 VIA AND OVERNIGHT MAIL

August 31, 2016 VIA AND OVERNIGHT MAIL

RE \\I. NO'V o s 2ms. CONSUMER PROlECl\ON

August 18, Re: Security Incident Notice. Dear Attorney General Ferguson:

fiu.n1 OI j& WllJ JAMS

ATG MI ADM Security Breach

~41ILIJ1\}dS NEW YORK, NY

BakerHostetler APR April 26, 2016 VIA OVERNIGHT DELIVERY

945 East Paces Ferry Rd., Suite 1475, Atlanta, GA aptos.com

Huwro N&: \VIIJ.1.A}vi TEL April 18, 2016 FILENO

April 27, Dear John Sample:

Nature of the Data Event

October 30, 2017 File No VIA ELECTRONIC SUBMISSION

July 6, Data Security Incident. Dear Assistant Attorney General Ferguson:

Katten. July 14, Via Electronic Mail Only

MICHIGAN STATE UNIVERSITY

May 11, Via Office of the Attorney General 1125 Washington Street SE P.O. Box Olympia, WA

July 21, Data Security Incident. Dear Attorney General Ferguson:

L EW) S BRISBOIS BISGAARD. & SMITH LLP Fax: ATTORNEYS AT Law www, lewisbrisbols.com

Placing a Security Freeze on Your Credit Report

Notification of Rights for Texas Consumers

Citrus Valley Health Partners notifies patients of data security incident

! Required " Optional " Alterations Acceptable

McDonald Hop kins. January 23, Office of Washington Attorney General Consumer Protection Division 800 5th Ave, Suite 2000 Seattle, WA

Office of Privacy Protection Safeguarding Information for Your Future

Nature of the Data Security Incident ALBUQUERQUE ATLANTA BEAUMONT BOSTON CHARLESTON CHICAGO DALLAS DENVER FORT LAUDERDALE HOUSTON LAQUINTA

Edward J. Finn 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

How to Freeze Your Credit Files Tips for Consumers

Identity theft can occur even if you have been careful about protecting your personal information.

Equifax Phone: Address: Office of Fraud Assistance P.O. Box Atlanta, GA Internet:

DISCLOSURE REGARDING BACKGROUND INVESTIGATION

NAU Police Department s Identity Theft Victim s Packet

Identity Theft Victim s Packet

Take Charge: Fighting Back Against Identity Theft 37

Links are provided on to provide you with the information you need if you wish to obtain the following.

KANSAS STATE UNIVERSITY

Identity Theft Victim s Packet

Instructions for Completing the ID Theft Affidavit

Identity Theft Packet

IDENTITY THEFT PACKET

Get back your good name. Refuse to be a target of identity crime again.

FCRA SUMMARY OF RIGHTS

Instructions for Completing the ID Theft Affidavit

REINVESTIGATION REQUEST

Authorization for Consumer Reports and Investigative Consumer Reports

Here is some more information on the Equifax Breach and how you may protect yourself in the aftermath...

How to Freeze Your Credit Files

Instructions for completing the ID Theft Affidavit

Product User Guide It s Your Credit. Keep It That Way with 5LINX Safe Score.

The Attorney General s Office established the Identity Theft Unit in response to increased identity theft incidents reported by Indiana citizens and

ID Theft Toolkit and Affidavit

A SUMMARY OF YOUR RIGHTS UNDER THE FAIR CREDIT REPORTING ACT CONSUMER RIGHTS NOTICE

Application for Employment

Resources for Victims of IDENTITY THEFT. HENNEPIN COUNTY CHIEFS OF POLICE and HENNEPIN COUNTY ATTORNEY S OFFICE

Burbridge Detective Agency Online Fax Form Print & Fax This Form To (219)

Identity Theft What to do if your identity is stolen

APPLICANT DISCLOSURE: This is a sample form for your use. Per FCRA, you must obtain a signed disclosure prior to ordering a background check.

Chadron State College

945 East Paces Ferry Rd., Suite 1475, Atlanta, GA aptos.com

Motor Vehicle Report Risk Management Authorization

REINVESTIGATION REQUEST

WAKA-TV APPLICATION FOR EMPLOYMENT

CONSUMER DISCLOSURE AND AUTHORIZATION FORM. Disclosure Regarding Background Investigation

DISCLOSURE AND AUTHORIZATION FOR CONSUMER REPORTS

Thank you for your interest in employment at METEC! Please observe the following steps when applying for employment:

A Summary of Your Rights Under the Fair Credit Reporting Act

Background Report Dispute

DISCLOSURE AND AUTHORIZATION IMPORTANT PLEASE READ CAREFULLY BEFORE SIGNING ACKNOWLEDGMENT

How to Dispute Credit Report Errors

Pre-Adverse Action Notice

Pre-Employment Application

BACKGROUND CHECK DISCLOSURE DOCUMENT

Motor Vehicle Report Risk Management Authorization

DISCLOSURE OF BACKGROUND INVESTIGATION

Chadron State College

Consumer Dispute Form

COMPANYNAME. Address City, State, ZIP

Volunteer Service Agreement

Contents. Table Of. Glossary. Identity Theft? What is. How Do I Prevent Identity Theft? What Do I Do if My. Identity is Stolen? Help You.

13719 W. Greenfield Ave. PO Box New Berlin, WI 53151

Disclosure & Authorization Regarding Procurement of An Investigative Consumer Report

PERSONAL INQUIRY WAIVER AUTHORITY FOR RELEASE OF INFORMATION FORM (Consumer Disclosure and/or Investigation for Background Check)

BACKGROUND CHECK DISCLOSURE AND AUTHORIZATION FORM

Disclosure Regarding Employment Background Report ( COMPANY ) may obtain from Sterling Infosystems, Inc. ( STERLING ), 1 State Street, New York, NY

APPLICATION FOR EMPLOYMENT EQUAL OPPORTUNITY EMPLOYER

APPROVED ATTORNEY APPLICATION (North Carolina)

Disclosure Statement and Authorization

BACKGROUND CHECK DISCLOSURE

DELAWARE RIVER JOINT TOLL BRIDGE COMMISSION Administration Building 110 Wood and Grove Street Morrisville, Pennsylvania 19067

Transcription:

November 12, 2018 Craig A. Hoffman direct dial: 513.929.3491 cahoffman@bakerlaw.com VIA EMAIL (SECURITYBREACH@ATG.WA.GOV) Attorney General Bob Ferguson Office of the Washington Attorney General Consumer Protection Division 800 5th Ave, Suite 2000 Seattle, WA 98104-3188 Re: Incident Notification Dear Sir or Madam: We are writing to notify you of an incident on behalf of our client, Title Nine Sports, Inc. ( Title Nine ). On August 6, 2018, Title Nine was notified by one of its third-party vendors, Social Annex, Inc. dba Annex Cloud ( Annex Cloud ) that it had identified and removed unauthorized code that was inserted into Annex Cloud s systems that operate its login application. Annex Cloud s application enables individuals to use their user name and password from social media and other websites, like Facebook and Google, to checkout on merchants websites, including www.titlenine.com. In its August 6, 2018 report, Annex Cloud identified four periods of time when the unauthorized code was present and could have captured information entered during the checkout process on its website. Upon learning this, Title Nine began working with its e-commerce platform provider, Kibo Software, Inc., and Annex Cloud to determine what impact the added code would have. On September 7, 2018, Title Nine mailed letters to customers who entered information during the checkout process during the four time periods identified by Annex Cloud to let them know what occurred, including to 43 Washington residents. Despite its first report that only identified four time periods, Annex Cloud informed Title Nine that they had identified additional time periods between December 28, 2017 and July 9, 2018 when the unauthorized code was or could have been present. If present, the unauthorized code could have captured information entered during the checkout process, including name, address, payment card number, expiration date, and card security code (CVV). Through October 25, 2018, Title Nine sought additional information from Annex Cloud to determine the transactions that might be involved, and Annex Cloud supplied additional information about their analysis regarding these periods, including their belief that there

Office of the Washington Attorney General November 12, 2018 Page 2 are certain times inside these additional periods when it cannot be determined if the unauthorized code was present. However, Title Nine did not exclude these times within these additional periods when identifying individuals to notify. Beginning on November 12, 2018, Title Nine will provide written notifications via United States Postal Service First-Class mail to 4,837 Washington residents who entered information during the checkout process during the additional time periods identified by Annex Cloud. A copy of the notification letter is enclosed. Title Nine is providing notice as soon as possible in compliance with Wash. Rev. Code 19.255.010 after working to obtain information needed from Annex Cloud to determine how to identify the additional individuals to notify. To prevent this from happening again, Title Nine has removed Annex Cloud s Social Login application and is continuing to take steps to strengthen the security of its website. Sincerely, Please do not hesitate to contact me if you have any questions regarding this matter. Craig A. Hoffman Enclosure

Return Mail Processing Center P.O. Box 6336 Portland, OR 97228-6336 <<Mail ID>> <<Name 1>> <<Name 2>> <<Address 1>> <<Address 2>> <<Address 3>> <<Address 4>> <<Address 5>> <<City>><<State>><<Zip>> <<Country>> <<Date>> Dear <<Name 1>>: Title Nine values the relationship we have with our customers and understands the importance of protecting customer information. We are writing to inform you about an incident involving one of our third-party vendors, Annex Cloud, that may involve some of your information. This notice explains the incident, measures that have been taken, and some steps you can take in response. Annex Cloud provides a service that enables individuals to use their user name and password from social media and other websites, like Facebook and Google, to login to merchants websites, including www.titlenine.com. Annex Cloud recently informed Title Nine that they had detected and removed unauthorized code that had been inserted into Annex Cloud s systems that operate its login application. In its report, Annex Cloud identified four periods of time when the unauthorized code was present and could have captured information entered during the checkout process on our website. We removed Annex Cloud s code from our website and mailed letters to those customers to let them know what occurred. Despite its first report that only identified four time periods, Annex Cloud informed Title Nine that they had identified additional time periods between December 28, 2017 and July 9, 2018 when the unauthorized code was or could have been present. If present, the unauthorized code could have captured information entered during the checkout process on our website, including name, address, payment card number, expiration date, and card security code (CVV). Through October 25, 2018, Title Nine sought additional information from Annex Cloud to determine the transactions that might be involved, and Annex Cloud supplied additional information about their analysis regarding these periods, including their belief that there are certain times inside these additional periods when it cannot be determined if the unauthorized code was present. Thus, we are notifying you because you entered information during the checkout process during a time period when it is possible the unauthorized code may have been present. We remind you to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized charges. You should immediately report any unauthorized charges to your card issuer because payment card network rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take. We regret that this incident occurred and apologize for any inconvenience. To help prevent a similar incident from occurring in the future, Title Nine has removed the Annex Cloud application and is continuing to take steps to strengthen the security of our website. If you have questions, please call 888-238-0615, Monday to Friday, from 6 a.m. to 6 p.m., Pacific Time. Sincerely, Johnny Lin Johnny Lin President W1881 v.03 11.09.2018

ADDITIONAL STEPS YOU CAN TAKE We recommend that you remain vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows: Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111 Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742 TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800 If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC 20580, www.ftc.gov/idtheft, 1-877-IDTHEFT (438-4338) If you are a resident of Connecticut, Maryland, or North Carolina, you may contact and obtain information from your state attorney general at: Connecticut Attorney General s Office, 55 Elm Street, Hartford, CT 06106 www.ct.gov/ag, 1-860-808-5318 Maryland Attorney General s Office, 200 St. Paul Place, Baltimore, MD 21202 www.oag.state.md.us, 1-888-743-0023 (toll free when calling within Maryland) 1-410-576-6300 (for calls originating outside Maryland) North Carolina Attorney General s Office, 9001 Mail Service Center, Raleigh, NC 27699, www.ncdoj.gov, 1-919-716-6400 or toll free at 1-877-566-7226 If you are a resident of West Virginia, you have the right to ask that nationwide consumer reporting agencies place fraud alerts in your file to let potential creditors and others know that you may be a victim of identity theft, as described below. You also have a right to place a security freeze on your credit report, as described below. Fraud Alerts: There are two types of fraud alerts you can place on your credit report to put your creditors on notice that you may be a victim of fraud an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for at least 90 days. You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years. You can place a fraud alert on your credit report by contacting any of the three national credit reporting agencies. Credit Freezes: You have the right to put a credit freeze, also known as a security freeze, on your credit file, free of charge, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A security freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a security freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a security freeze may delay your ability to obtain credit. There is no fee to place or lift a security freeze. Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit reporting company. For information and instructions to place a security freeze, contact each of the credit reporting agencies at the addresses below: Equifax Security Freeze, PO Box 105788, Atlanta, GA 30348, www.equifax.com Experian Security Freeze, PO Box 9554, Allen, TX 75013, www.experian.com TransUnion Security Freeze, PO Box 2000, Chester, PA 19016, www.transunion.com W1882 v.03 11.09.2018

In order to request a security freeze, you will need to provide the following information: 1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.) 2. Social Security number 3. Date of birth 4. If you have moved in the past five years, provide the addresses where you have lived over the prior five years 5. Proof of current address such as a current utility bill or telephone bill 6. A legible photocopy of a government issued identification card (state driver s license or ID card, military identification, etc.) 7. If you are a victim of identity theft, include a copy of the police report, investigative report, or complaint to a law enforcement agency concerning identity theft The credit reporting agencies have one business day after receiving your request by toll-free telephone or secure electronic means, or three business days after receiving your request by mail, to place a security freeze on your credit report. The credit bureaus must also send written confirmation to you within five business days and provide you with a unique personal identification number ( PIN ) or password or both that can be used by you to authorize the removal or lifting of the security freeze. To lift the security freeze in order to allow a specific entity or individual access to your credit report, or to lift a security freeze for a specified period of time, you must submit a request through a toll-free telephone number, a secure electronic means maintained by a credit reporting agency, or by sending a written request via regular, certified, or overnight mail to the credit reporting agencies and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze as well as the identity of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The credit reporting agencies have one business day after receiving your request by toll-free telephone or secure electronic means, or three business days after receiving your request by mail, to lift the security freeze for those identified entities or for the specified period of time. To remove the security freeze, you must submit a request through a toll-free telephone number, a secure electronic means maintained by a credit reporting agency, or by sending a written request via regular, certified, or overnight mail to each of the three credit bureaus and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have one business day after receiving your request by toll-free telephone or secure electronic means, or three business days after receiving your request by mail, to remove the security freeze. Fair Credit Reporting Act: You also have rights under the federal Fair Credit Reporting Act, which promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. The FTC has published a list of the primary rights created by the FCRA (https://www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf), and that article refers individuals seeking more information to visit www.ftc.gov/credit. The FTC s list of FCRA rights includes: You have the right to receive a copy of your credit report. The copy of your report must contain all the information in your file at the time of your request. Each of the nationwide credit reporting companies Experian, TransUnion and Equifax is required to provide you with a free copy of your credit report, at your request, once every 12 months. You are also entitled to a free report if a company takes adverse action against you, like denying your application for credit, insurance, or employment, and you ask for your report within 60 days of receiving notice of the action. The notice will give you the name, address, and phone number of the credit reporting company. You re also entitled to one free report a year if you re unemployed and plan to look for a job within 60 days; if you re on welfare; or if your report is inaccurate because of fraud, including identity theft. You have the right to ask for a credit score. You have the right to dispute incomplete or inaccurate information. Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Consumer reporting agencies may not report outdated negative information. Access to your file is limited. And you must give your consent for reports to be provided to employers. You may limit prescreened offers of credit and insurance you get based on information in your credit report. You may seek damages from violators. Identity theft victims and active duty military personnel have additional rights. W1883 v.03 11.09.2018

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback