James E. Prendergast 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

Similar documents
Paul T. McGurkin, Jr Drummers Lane, Suite 302 Office: Wayne, PA Fax:

Sian M. Schafle 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

Nature of the Data Event

We are writing to notify you of an incident on behalf of our client, Title Nine Sports, Inc. ( Title Nine ).

September 29, 2017 VIA AND OVERNIGHT MAIL

NOTICE OF DATA BREACH

Notice to Patients and Job Applicants Regarding Vendor Security Incident

Edward J. Finn 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:

L EW) S BRISBOIS BISGAARD. & SMITH LLP Fax: ATTORNEYS AT Law www, lewisbrisbols.com

Kris Kleiner Via to: March 2, 2018

August 18, Re: Security Incident Notice. Dear Attorney General Ferguson:

3. Steps you have taken or plan to take relating to the incident.

Noble House Hotels & Resorts Notifies Guests of Payment Card Security Incident

July 6, Data Security Incident. Dear Assistant Attorney General Ferguson:

Nature of the Data Security Incident ALBUQUERQUE ATLANTA BEAUMONT BOSTON CHARLESTON CHICAGO DALLAS DENVER FORT LAUDERDALE HOUSTON LAQUINTA

May 15, VIA

9NFP. Return Mail Processing Center PO Box 6336 Portland, OR

October 30, 2017 File No VIA ELECTRONIC SUBMISSION

945 East Paces Ferry Rd., Suite 1475, Atlanta, GA aptos.com

fiu.n1 OI j& WllJ JAMS

August 12, 2016 VIA AND OVERNIGHT MAIL

ATG MI ADM Security Breach

July 21, Data Security Incident. Dear Attorney General Ferguson:

~41ILIJ1\}dS NEW YORK, NY

RE \\I. NO'V o s 2ms. CONSUMER PROlECl\ON

August 31, 2016 VIA AND OVERNIGHT MAIL

Katten. July 14, Via Electronic Mail Only

May 11, Via Office of the Attorney General 1125 Washington Street SE P.O. Box Olympia, WA

April 27, Dear John Sample:

MICHIGAN STATE UNIVERSITY

Huwro N&: \VIIJ.1.A}vi TEL April 18, 2016 FILENO

McDonald Hop kins. January 23, Office of Washington Attorney General Consumer Protection Division 800 5th Ave, Suite 2000 Seattle, WA

BakerHostetler APR April 26, 2016 VIA OVERNIGHT DELIVERY

Office of Privacy Protection Safeguarding Information for Your Future

Citrus Valley Health Partners notifies patients of data security incident

Notification of Rights for Texas Consumers

! Required " Optional " Alterations Acceptable

Equifax Phone: Address: Office of Fraud Assistance P.O. Box Atlanta, GA Internet:

Here is some more information on the Equifax Breach and how you may protect yourself in the aftermath...

How to Freeze Your Credit Files Tips for Consumers

Placing a Security Freeze on Your Credit Report

Identity theft can occur even if you have been careful about protecting your personal information.

945 East Paces Ferry Rd., Suite 1475, Atlanta, GA aptos.com

DISCLOSURE REGARDING BACKGROUND INVESTIGATION

TENANT FORM DISCLOSURE AND AUTHORIZATION FOR CONSUMER REPORT AND/OR INVESTIGATIVE CONSUMER REPORT. Landlord / Property Manager:

DISCLOSURE AND AUTHORIZATION FOR CONSUMER AND/OR INVESTIGATIVE CONSUMER REPORT. Company Name:

FCRA SUMMARY OF RIGHTS

Identity Theft Packet

IDENTITY THEFT PACKET

Disclosure & Authorization Regarding Procurement of An Investigative Consumer Report

Product User Guide It s Your Credit. Keep It That Way with 5LINX Safe Score.

Instructions for Completing the ID Theft Affidavit

ID Theft Toolkit and Affidavit

KANSAS STATE UNIVERSITY

APPLICANT DISCLOSURE: This is a sample form for your use. Per FCRA, you must obtain a signed disclosure prior to ordering a background check.

Resources for Victims of IDENTITY THEFT. HENNEPIN COUNTY CHIEFS OF POLICE and HENNEPIN COUNTY ATTORNEY S OFFICE

How to Freeze Your Credit Files

Instructions for Completing the ID Theft Affidavit

Take Charge: Fighting Back Against Identity Theft 37

Get back your good name. Refuse to be a target of identity crime again.

Contractor Disclosure, Authorization & Consent for the Procurement of Consumer Reports

13719 W. Greenfield Ave. PO Box New Berlin, WI 53151

Links are provided on to provide you with the information you need if you wish to obtain the following.

Candidate Disclosure, Authorization & Consent for the Procurement of Consumer Reports

Pre-Adverse Action Notice

Authorization for Consumer Reports and Investigative Consumer Reports

Chadron State College

Volunteer Service Agreement

A SUMMARY OF YOUR RIGHTS UNDER THE FAIR CREDIT REPORTING ACT CONSUMER RIGHTS NOTICE

NAU Police Department s Identity Theft Victim s Packet

Pre-Employment Application

Identity Theft Victim s Packet

REINVESTIGATION REQUEST

A Summary of Your Rights Under the Fair Credit Reporting Act

Consumer Dispute Form

HOW TO USE CREDIT. Latino Community Credit Union & the Latino Community Development Center.

Identity Theft What to do if your identity is stolen

The Attorney General s Office established the Identity Theft Unit in response to increased identity theft incidents reported by Indiana citizens and

Identity Theft Victim s Packet

Sorry to hear your Equifax information was likely compromised. The key to keeping safe now is:

DISCLOSURE AND AUTHORIZATION IMPORTANT PLEASE READ CAREFULLY BEFORE SIGNING ACKNOWLEDGMENT

Thank you for your interest in employment at METEC! Please observe the following steps when applying for employment:

Address: Not Provided SSN: DOB: 01/11/1944 Position: Acct Code: Status: COMPLETED Preferred Delivery Method:

What is Identity Theft?

Contents. Table Of. Glossary. Identity Theft? What is. How Do I Prevent Identity Theft? What Do I Do if My. Identity is Stolen? Help You.

Motor Vehicle Report Risk Management Authorization

INVESTIGATIVE CONSUMER REPORT NOTICE

Application for Employment

COMPANYNAME. Address City, State, ZIP

NAME DATE / / LAST FIRST MIDDLE INITIAL

Motor Vehicle Report Risk Management Authorization

Instructions for completing the ID Theft Affidavit

NEPTUNE ASSOCIATES LLC

Disclosure Statement and Authorization

DISCLOSURE AND AUTHORIZATION

REINVESTIGATION REQUEST

Applicant Information. Street Address Apartment/Unit # City State ZIP Code. Date Available: Social Security No.: Desired Salary:$ If yes, when?

How to Dispute Credit Report Errors

DISCLOSURE AND AUTHORIZATION FOR CONSUMER REPORTS

NAME OF PARISH/SCHOOL REQUESTING SEARCH AND THAT SHOULD RECEIVE BILL AND RESULTS

Transcription:

James E. Prendergast 1275 Drummers Lane, Suite 302 Office: 267-930-4798 Wayne, PA 19087 Fax: 267-930-4771 Email: jprendergast@mullen.law INTENDED FOR ADDRESSEE(S) ONLY VIA U.S. MAIL AND EMAIL Office of the Attorney General 1125 Washington Street SE PO Box 40100 Olympia, WA 98504-0100 Email: securitybreach@atg.wa.gov December 11, 2017 Re: Notice of Data Event Dear Sir or Madam: We represent Combat Brands LLC, 15850 West 108 th Street, Lenexa, KS 66219 ( Combat Brands ), and are writing to notify your office of an incident affecting Combat Brands s e- commerce sites, www.fightgear.com, www.fitness1st.com, www.ringside.com, and www.combatsports.com, that may affect the security of personal information relating to certain Washington residents. By providing this notice, Combat Brands does not waive any rights or defenses regarding the applicability of Washington law, the applicability of the Washington data event notification statute, or personal jurisdiction. Nature of the Data Event On April 14, 2017, Combat Brands notified your office that it was the victim of a sophisticated cyber-attack that resulted in the potential compromise of some customers debit and credit card data used at fightgear.com, fitness1st.com, ringside.com, and combatsports.com between July 1, 2015 and February 23, 2017. Combat Brands was working with a third-party forensic investigator at that time to determine what happened and what information had been potentially compromised. Combat Brands understood that the forensic investigator determined that it had removed all the malware at issue. On October 6, 2017, while in the process of running routine scans, Combat Brands identified some unusual code that was running on its websites. After a brief internal investigation, Combat Brands Mullen.law

Office of the Attorney General December 8, 2017 Page 2 suspected that the investigator s claim that they had found and removed all the malware was incorrect and that their claim that the potential compromise of our customers debit and credit cards stopped on February 23 was also incorrect. Combat Brands removed the suspicious malware on October 6, 2017. Combat Brands immediately began working with a new third-party forensic investigator to determine what happened, what information was affected and to implement additional procedures to further protect the security of customer debit and credit cards. The new investigators confirmed Combat Brands suspicion that the malware was not a new attack but that the malware already existed at the time of the original investigation and had not been removed as promised by the original investigators. The new investigators confirmed that the previously unidentified malware had been removed by Combat Brands on October 6, 2017. The new investigator also determined that no other malware exists and that unauthorized access to customer debit or credit card information stopped on that day. The forensic investigator determined that customers can safely use their payment card at fightgear.com, fitness1st.com, ringside.com, and combatsports.com. Notice to Washington Residents Through the ongoing third-party forensic investigations, Combat Brands confirmed on October 6, 2017 that malware may have stolen credit or debit card data from some credit and debit cards used at www.fightgear.com, www.fitness1st.com, www.ringside.com, and www.combatsports.com between July 1, 2015 and October 6, 2017. The information at risk as a result of this event includes the cardholder s name, card number, expiration date and CVV. Combat Brands determined that personally identifiable information relating to an additional two hundred three (203) Washington residents may have been compromised. Combat Brands is providing written notice of this incident to these potentially impacted Washington residents beginning on or about November 29, 2017, in substantially the same form as the letter attached hereto as Exhibit A. Other Steps Taken and To Be Taken Combat Brands has established a dedicated hotline for individuals to contact with questions or concerns regarding this incident. Additionally, Combat Brands is providing potentially impacted individuals with helpful information on how to protect against identity theft and fraud, including how to place a fraud alert and security freeze on one s credit file, the contact information for the national consumer reporting agencies, how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, state attorney general, and law enforcement to report attempted or actual identity theft and fraud. Combat Brands is also providing written notice of this incident to other state regulators and the national consumer reporting agencies as necessary.

Office of the Attorney General December 8, 2017 Page 3 Contact Information Should you have any questions regarding this notification or other aspects of the data security event, please contact us at 267-930-4798. Very truly yours, cc: Office of the Attorney General Consumer Protection Division 800 5 th Ave., Suite 2000 Seattle, WA 98104-3188 Email: securitybreach@atg.wa.gov James E. Prendergast of MULLEN COUGHLIN LLC

EXHIBIT A

Return Mail Processing Center P.O. Box 6336 Portland, OR 97228-6336 <<Mail ID>> <<Name 1>> <<Name 2>> <<Address 1>> <<Address 2>> <<Address 3>> <<Address 4>> <<Address 5>> <<City>><<State>><<Zip>> <<Country>> <<Date>> Re: Notice of Data Breach Dear <<Name 1>>: We recently learned that we were the victims of a sophisticated cyber-attack that may affect the security of your payment information. We are providing you with information about the incident, steps we are taking in response, and steps you can take to protect against fraud should you feel it is appropriate. What Happened? On October 6, 2017, while in the process of running routine scans, we identified some unusual code that was running on our website. On that same day, we discovered that we were the victim of a sophisticated cyber-attack that resulted in the potential compromise of some customers debit and credit card data used at www.fightgear.com, www.fitness1st.com, www.ringside.com, and www.combatsports.com between July 1, 2015 and October 6, 2017. Since that time, we have been working with third-party forensic investigators to determine what happened, what information was affected and to implement additional procedures to further protect the security of customer debit and credit cards. We removed the malware at issue to prevent any further unauthorized access to customer debit or credit card information. You can safely use your payment card at our websites. What Information Was Involved? Through the ongoing third-party forensic investigations, we confirmed on October 6, 2017 that malware may have stolen credit or debit card data from some credit and debit cards used at www.fightgear.com, www.fitness1st.com, www.ringside.com, and www.combatsports.com between July 1, 2015 and October 6, 2017. The information at risk as a result of this event includes the cardholder s name, address, card number, expiration date and CVV. What We Are Doing. We take the security of our customers information extremely seriously, and we apologize for the inconvenience this incident has caused. We continue to work with third-party forensic investigators to ensure the security of our systems. What You Can Do. Please review the enclosed Privacy Safeguards Information for additional information on how to better protect against identity theft and fraud. We encourage you to remain vigilant against incidents of identity theft by reviewing your account statements regularly and monitoring your credit reports for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of their credit report. T4801 v.01 11.21.2017

For More Information. We are very sorry for any inconvenience or concern this incident causes you. The security of your information is a priority for us. Should you have any questions about the content of this letter or ways you can better protect yourself from the possibility of identity theft, we encourage you to call the dedicated assistance line, staffed by professionals who are experienced in working through situations like this, at 888-396-9597 between 9:00 a.m. and 9:00 p.m. EST, Monday through Friday, excluding major holidays. Sincerely, Doug Skeens President & CEO Combat Brands LLC T4802 v.01 11.21.2017

PRIVACY SAFEGUARDS INFORMATION We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report. At no charge, you can also have these credit bureaus place a fraud alert on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it may also delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below. Equifax P.O. Box 105069 Atlanta, GA 30348 800-525-6285 www.equifax.com Experian P.O. Box 2002 Allen, TX 75013 888-397-3742 www.experian.com TransUnion P.O. Box 2000 Chester, PA 19022-2000 800-680-7289 www.transunion.com You may also place a security freeze on your credit reports. A security freeze prohibits a credit bureau from releasing any information from a consumer s credit report without the consumer s written authorization. However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing, or other services. If you have been a victim of identity theft, and you provide the credit bureau with a valid police report, it cannot charge you to place, lift or remove a security freeze. In all other cases, a credit bureau may charge you a fee to place, temporarily lift, or permanently remove a security freeze. You will need to place a security freeze separately with each of the three major credit bureaus listed above if you wish to place a freeze on all of your credit files. To find out more on how to place a security freeze, you can use the following contact information: Equifax Security Freeze P.O. Box 105788 Atlanta, GA 30348 1-800-685-1111 (NY residents please call 1-800-349-9960) www.freeze.equifax.com Experian Security Freeze P.O. Box 9554 Allen, TX 75013 1-888-397-3742 www.experian.com/freeze/center.html TransUnion PO Box 2000 Chester, PA 19022-2000 1-888-909-8872 www.transunion.com/securityfreeze You can further educate yourself regarding identity theft, fraud alerts, and the steps you can take to protect yourself, by contacting the Federal Trade Commission or your state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. For Maryland residents, the Attorney General can be reached at: 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; 1-888-743-0023; and www.oag.state.md.us. For North Carolina residents, the Attorney General can be contacted by mail at 9001 Mail Service Center, Raleigh, NC 27699-9001; toll-free at 1-877-566-7226; by phone at 1-919-716-6400; and online at www.ncdoj.gov. For Rhode Island residents, the Attorney General can be contacted by mail at 150 South Main Street, Providence, RI 02903; by phone at (401) 274-4400; and online at www.riag.ri.gov. A total of Number Rhode Island resident may be impacted by this incident. Customers have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a crime report or incident report with law enforcement for identity theft, customers will likely need to provide some kind of proof that they have been a victim. For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit prescreened offers of credit and insurance you get based on information in your credit report; and you may seek damages from violators. You may have additional rights under the T4803 v.01 11.21.2017

Fair Credit Reporting Act not summarized here. Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580. Instances of known or suspected identity theft should also be reported to law enforcement. This notice has not been delayed as a result of a law enforcement investigation. T4804 v.01 11.21.2017

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback