August 18, Re: Security Incident Notice. Dear Attorney General Ferguson:

Similar documents
Kris Kleiner Via to: March 2, 2018

September 29, 2017 VIA AND OVERNIGHT MAIL

3. Steps you have taken or plan to take relating to the incident.

May 15, VIA

July 6, Data Security Incident. Dear Assistant Attorney General Ferguson:

fiu.n1 OI j& WllJ JAMS

James E. Prendergast 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

ATG MI ADM Security Breach

We are writing to notify you of an incident on behalf of our client, Title Nine Sports, Inc. ( Title Nine ).

October 30, 2017 File No VIA ELECTRONIC SUBMISSION

April 27, Dear John Sample:

Noble House Hotels & Resorts Notifies Guests of Payment Card Security Incident

MICHIGAN STATE UNIVERSITY

9NFP. Return Mail Processing Center PO Box 6336 Portland, OR

Nature of the Data Event

NOTICE OF DATA BREACH

Notice to Patients and Job Applicants Regarding Vendor Security Incident

RE \\I. NO'V o s 2ms. CONSUMER PROlECl\ON

May 11, Via Office of the Attorney General 1125 Washington Street SE P.O. Box Olympia, WA

August 31, 2016 VIA AND OVERNIGHT MAIL

Sian M. Schafle 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

~41ILIJ1\}dS NEW YORK, NY

Paul T. McGurkin, Jr Drummers Lane, Suite 302 Office: Wayne, PA Fax:

August 12, 2016 VIA AND OVERNIGHT MAIL

Huwro N&: \VIIJ.1.A}vi TEL April 18, 2016 FILENO

945 East Paces Ferry Rd., Suite 1475, Atlanta, GA aptos.com

July 21, Data Security Incident. Dear Attorney General Ferguson:

Nature of the Data Security Incident ALBUQUERQUE ATLANTA BEAUMONT BOSTON CHARLESTON CHICAGO DALLAS DENVER FORT LAUDERDALE HOUSTON LAQUINTA

L EW) S BRISBOIS BISGAARD. & SMITH LLP Fax: ATTORNEYS AT Law www, lewisbrisbols.com

Citrus Valley Health Partners notifies patients of data security incident

Edward J. Finn 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

BakerHostetler APR April 26, 2016 VIA OVERNIGHT DELIVERY

McDonald Hop kins. January 23, Office of Washington Attorney General Consumer Protection Division 800 5th Ave, Suite 2000 Seattle, WA

Katten. July 14, Via Electronic Mail Only

How to Freeze Your Credit Files Tips for Consumers

Here is some more information on the Equifax Breach and how you may protect yourself in the aftermath...

Instructions for Completing the ID Theft Affidavit

Equifax Phone: Address: Office of Fraud Assistance P.O. Box Atlanta, GA Internet:

Office of Privacy Protection Safeguarding Information for Your Future

IDENTITY THEFT PACKET

Resources for Victims of IDENTITY THEFT. HENNEPIN COUNTY CHIEFS OF POLICE and HENNEPIN COUNTY ATTORNEY S OFFICE

Placing a Security Freeze on Your Credit Report

Identity theft can occur even if you have been careful about protecting your personal information.

945 East Paces Ferry Rd., Suite 1475, Atlanta, GA aptos.com

Identity Theft Packet

Get back your good name. Refuse to be a target of identity crime again.

When Your Child s Identity Is Stolen

Take Charge: Fighting Back Against Identity Theft 37

Notification of Rights for Texas Consumers

Instructions for Completing the ID Theft Affidavit

ID Theft Toolkit and Affidavit

Truro Police Department IDENTITY THEFT. Policy Number: OPS-6.06A Effective Date: April 20, 2008 REFERENCE: I. GENERAL CONSIDERATIONS AND GUIDELINES

IDENTITY THEFT ADDITIONAL INFORMATION FORM Submittal Instructions

The Attorney General s Office established the Identity Theft Unit in response to increased identity theft incidents reported by Indiana citizens and

DISCLOSURE REGARDING BACKGROUND INVESTIGATION

How to Freeze Your Credit Files

Instructions for completing the ID Theft Affidavit

Identity Theft What to do if your identity is stolen

Credit Freeze Instructions for Minors

Identity Theft Victim s Packet

Identity Theft Victim s Packet

Links are provided on to provide you with the information you need if you wish to obtain the following.

Identity Protection Services

NAU Police Department s Identity Theft Victim s Packet

KANSAS STATE UNIVERSITY

Identity thieves use a variety of ways to gain access to your personal information:

Borrowing Guide for Small Businesses. Presented by Frost Bank November 15, 2016

Frequently Asked Questions

Frequently Asked Questions

Contents. Table Of. Glossary. Identity Theft? What is. How Do I Prevent Identity Theft? What Do I Do if My. Identity is Stolen? Help You.

Call for assistance with registration and activation. You will be asked for your Access Code if registering by phone.

WHAT DO MANY OF US HAVE IN COMMON WITH. Tiger Woods Oprah Winfrey Martha Stewart Warren Buffet Tom Cruise

! Required " Optional " Alterations Acceptable

Services and Features

Services & Features for Employee Benefit Members

Huntington Director Outlook Series I/IR. Talcott Resolution Life Insurance Company Separate Account Two. File No

Benefits Handbook Date November 1, Identity Theft Plan MMC

Benefits Handbook Date March 1, Identity Theft Plan MMC

TAKING CHARGE WHAT TO DO IF YOUR IDENTITY IS STOLEN FEDERAL TRADE COMMISSION FTC.GOV/IDTHEFT

Identity Theft Handbook Steps to Protect Yourself What to Do If You Are a Victim Policies to Reduce Identity Theft. MaryPIRG Foundation

Consent to Use of Electronic Records and Signatures

How to Dispute Credit Report Errors

Sorry to hear your Equifax information was likely compromised. The key to keeping safe now is:

Product User Guide It s Your Credit. Keep It That Way with 5LINX Safe Score.

Identity Theft. Emergency Repair Kit Beavercreek Marketing, a division of Beavercreek Inc. All rights reserved.

Understanding TransUnion s Credit-based Insurance Scores

Talcott Resolution Life Insurance Company or Talcott Resolution Life and Annuity Insurance Company

Take Charge: Wise Use of Credit Cards. Brought to you by ALEC

MONROE COUNTY SHERIFF S OFFICE. General Order

CLAIM FORM (PRE-CLAIMS DEADLINE) GENERAL INSTRUCTIONS SETTLEMENT OVERVIEW

B. The College is considered a "creditor" under the Red Flags Rule because it defers payment for services rendered.

Financial literacy. Debt load. Card options

PROCEDURE. This procedure is intended to identify third party arrangements and red flags involving College activities that will:

What is Identity Theft? How does identity theft occur? What do I do if I become a victim?

Subject: Identity Theft, G-113 Department: All & Branches References: Part 717, NCUA Rules and Regs, FACT Act, Companion SOP s G-30 (Opening New

Authorization for Consumer Reports and Investigative Consumer Reports

Volume 2 Your Credit Report and Your Rights

Get the most out of your membership

FirstReport Stay Protected & Informed

Reviewing C YouR CRedit RepoRt

Transcription:

1300 SW Fifth Avenue, Suite 2400 Portland, OR 97201-5610 Sean B. Hoar 503-778-5396 tel 503-778-5299 fax seanhoar@dwt.com August 18, 2016 Mr. Bob Ferguson Attorney General Washington State Office of the Attorney General 1125 Washington Street SE P.O. Box 40100 Olympia, WA 98504 Re: Security Incident Notice Dear Attorney General Ferguson: I represent Eddie Bauer, LLC, headquartered in Bellevue, Washington. This letter is being sent pursuant to Wash. Rev. Code 19.255.010-.020 because Eddie Bauer determined on August 11, 2016 that 73,508 residents of Washington may have had their payment card information affected by an information security incident. Eddie Bauer determined that its retail store point of sale systems may have been accessed without authorization on July 15, 2016, but due to the sophistication of the attack and the complexity of the forensics investigation, we were not able to determine the identity of the affected cardholders until August 11, 2016. As soon as Eddie Bauer learned that its systems were affected, it engaged a digital forensics firm to investigate the matter. The investigation discovered that its point of sale systems were targeted by sophisticated malware that had also targeted restaurants, hotels, and other retailers. Payment card information used for online purchases at eddiebauer.com was not affected. We are working closely with the FBI to identify the perpetrator(s), and will provide whatever cooperation is necessary to do so. We also notified the payment card networks so that they can coordinate with card issuing banks to monitor for fraudulent activity on cards used during the timeframe in which cards may have been compromised. We have also enhanced the security of our point of sale systems, with the goal of making it more difficult for a similar incident to occur in the future. Eddie Bauer is in the process of notifying all affected consumers with the attached letter. As referenced in the letter, they will provide 12 months of credit monitoring and identity protection services to affected consumers through Kroll.

August 18, 2016 Page two Please contact me should you have any questions. Sincerely, Davis Wright Tremaine LLP Sean B. Hoar cc: Domenick Gallo, General Counsel Eddie Bauer, LLC

<<MemberFirstName>> <<MemberLastName>> <<Address1>> <<Address2>> <<City>>, <<State>> <<Zip Code>> August 18, 2016 Subject: Notice of Data Security Incident Dear <<MemberFirstName>> <<MemberLastName>>, We are writing to inform you of a data security incident that may have involved your payment card information. We take the privacy and security of your information very seriously. This is why we are contacting you, offering you identity protection services, and informing you about steps that can be taken to protect your payment card information. What Happened? We recently learned that point of sale systems at Eddie Bauer retail stores may have been accessed without our authorization. We immediately initiated a full investigation with third-party digital forensic experts. On August 11, 2016 we received confirmation that your payment card information used at one or more of our retail stores (payment card ending in <<ClientDef1(Payment Card Number)>>) may have been accessed without authorization. This may have occurred on various dates between January 2, 2016 and July 17, 2016. Not all cardholder transactions during this period were affected, but out of an abundance of caution, we are notifying you of the incident and offering you identity protection services. Payment card information used for online purchases at eddiebauer.com was not affected. What Information Was Involved? The information included your name, payment card number, security code and expiration date. What Are We Doing? We are notifying you of the incident and are providing you information about the steps you can take to protect your payment card information. We have also arranged to have Kroll, a global leader in risk mitigation and response, provide you complimentary services for 12 months. We are also working closely with the FBI to identify the perpetrator(s), and will provide whatever cooperation is necessary to do so. We also notified the payment card networks so that they can coordinate with card issuing banks to monitor for fraudulent activity on cards used during the timeframe in which cards may have been compromised. Finally, the security of our point of sale systems has been enhanced, with the goal of making it more difficult for a similar incident to occur in the future. What You Can Do: You can follow the recommendations on the following pages to protect your personal information. You can also enroll in the services we are offering through Kroll, at no cost to you. To receive credit services, you must be over the age of 18 and have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file. Your services start on the date of this notice and can be used at any time during the next 12 months. They will include credit monitoring and identity consultation and restoration. Visit https://kroll.idmonitoringservice.com to take advantage of these services. Your membership number is <<Member ID>>. To receive credit services by mail instead of online, please call 1-855-294-2549. Additional information describing your services is included with this letter. For More Information: Further information about how to how to protect your personal information appears on the following pages. If you have questions or need assistance, call 1-855-294-2549, 8:00 a.m. to 5:00 p.m. (Central Time), Monday through Friday. Kroll s licensed investigators are standing by to assist you. Please have your membership number ready. 9300KS-0816

Protecting our customers personal information and maintaining your trust is of paramount importance to Eddie Bauer. We sincerely apologize for any inconvenience this incident has caused you. Sincerely, Mike Egeck Chief Executive Officer Eddie Bauer

Information about Protecting Personal Information Review Your Account Statements and Notify Issuing Bank & Law Enforcement of Suspicious Activity: It is recommended that you remain vigilant for any incidents of fraud or identity theft by regularly reviewing credit card account statements and your credit report for unauthorized activity. If you detect any suspicious activity on an account, we recommend you contact your issuing bank immediately to either freeze or close the account. You may also report any fraudulent activity or any suspected identity theft to local law enforcement, the Federal Trade Commission (FTC), or your respective state Attorney General. Residents of Massachusetts and Rhode Island have the right to obtain any police report filed in regard to this incident. Copy of Free Credit Report: You may obtain a free copy of your credit report from the following national consumer reporting agencies or from the Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281, 1-877-322-8228, www.annualcreditreport.com: Equifax: P.O. Box 105139, Atlanta, Georgia 30374-0241, 1-800-685-1111, www.equifax.com Experian: P.O. Box 2002, Allen, TX 75013, 1-888-397-3742, www.experian.com TransUnion: P.O. Box 6790, Fullerton, CA 92834-6790, 1-800-916-8800, www.transunion.com Additional Free Resources on Identity Theft: You can obtain information from the consumer reporting agencies, the FTC, or your respective state Attorney General about steps you can take toward preventing identity theft. The FTC may be contacted at FTC, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, 1-877-438-4338, www.ftc.gov/idtheft. For residents of Maryland, North Carolina, and Rhode Island: Residents of Maryland, North Carolina and Rhode Island can also obtain information about preventing and avoiding identity theft from their attorneys general at the addresses below, and from the Federal Trade Commission. Maryland Office of the North Carolina Office of the Rhode Island Office of the Attorney General Attorney General Attorney General Consumer Protection Division Consumer Protection Division 150 South Main Street 200 St. Paul Place 9001 Mail Service Center Providence, RI 02903 Baltimore, MD 21202 Raleigh, NC 27699-9001 (401) 274-4400 1-888-743-0023 1-877-566-7226 http://www.riag.ri.gov www.oag.state.md.us www.ncdoj.com Fraud Alerts: There are two types of fraud alerts that you can place on your credit report to put your creditors on notice that you may be a victim of fraud: an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for at least 90 days. You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years. You can place a fraud alert on your credit report by calling the toll-free fraud number of any of the three national consumer reporting agencies listed below: Equifax: 1-800-525-6285, www.equifax.com Experian: 1-888-397-3742, www.experian.com TransUnion: 1-800-680-7289, www.transunion.com Credit Freezes (for Non-Massachusetts Residents): You may have the right to put a credit freeze, also known as a security freeze, on your credit file, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A credit freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. In addition, you may incur fees to place, lift and/or remove a credit freeze. Credit freeze laws vary from state to state. The cost of placing, temporarily lifting, and removing a credit freeze also varies by state, generally $5 to $20 per action at each credit reporting agency. Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement. Since the instructions for how to

establish a credit freeze differ from state to state, please contact the three major consumer reporting agencies as specified below to find out more information: Equifax: P.O. Box 105788, Atlanta, GA 30348, www.equifax.com Experian: P.O. Box 9554, Allen, TX 75013, www.experian.com TransUnion: P.O. Box 2000, Chester, PA, 19022-2000, www.transunion.com You can obtain more information about fraud alerts and credit freezes by contacting the FTC or one of the national consumer reporting agencies listed above. TAKE ADVANTAGE OF YOUR COMPLIMENTARY SERVICES You ve been provided with access to the following services 1 from Kroll: Credit Monitoring through TransUnion You ll receive alerts when there are changes to your credit data for instance, when a new line of credit is applied for in your name. If you do not recognize the activity, you ll have the option to call a Kroll investigator, who can help you determine if it s an indicator of identity theft. Identity Consultation You have unlimited access to consultation with a dedicated licensed investigator at Kroll. Support includes showing you the most effective ways to protect your identity, explaining your rights and protections under the law, assistance with fraud alerts, and interpreting how personal information is accessed and used, including investigating suspicious activity that could be tied to an identity theft event. Identity Restoration If you become a victim of identity theft, an experienced licensed investigator will work on your behalf to resolve related issues. You will have access to a dedicated investigator who understands your issues and will do most of the work for you. Your investigator can dig deep to uncover all aspects of the identity theft, and then work to resolve it. 1 Kroll s activation website is only compatible with the current version or one version earlier of Internet Explorer, Chrome, Firefox, and Safari. To receive credit services, you must be over the age of 18 and have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file.

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback