From their notification letter, which does not explain why it took 2.5 months for them to make notifications nor where the laptop was stolen:
We are writing to inform you of a data security incident at Gibson Insurance Agency, Inc. (“Gibson”) that may have resulted in the disclosure of your personal information, including your name and Social Security number. We take the security of your personal information very seriously, and sincerely apologize for any inconvenience this incident may cause. This letter contains information about steps you can take to protect your information, and resources we are making available to help you.
Gibson provides employee benefits management of your or your family member’s employer group health insurance plan. On July 28, 2016, we discovered an employee’s laptop computer had been stolen. We immediately conducted an investigation. It was determined the files on the laptop may have contained your name, address, date of birth, Social Security number, and health insurance information. The laptop did not contain your medical health records, which we do not have access to. Law enforcement has been notified and we are cooperating with their investigation.
Although we are unaware of any misuse of your information, out of an abundance of caution, we have arranged to have Kroll provide identity monitoring for 12 months at no cost to you. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of con dential data. Your identity monitoring services include Credit Monitoring, Identity Consultation, and Identity Restoration.
Visit kroll.idMonitoringService.com to enroll and take advantage of your identity monitoring services. Membership Number: <<Member ID>>
To receive credit services by mail instead of online, please call 1-866-599-7386. Additional information describing your services is included with this letter.
For more information on identity theft prevention and Kroll, including instructions on how to enroll, please call 1-866-599-7386, 9:00 a.m. to 6:00 p.m. (Eastern Time), Monday through Friday. Please have your membership number ready. Also, please note the deadline to enroll is January 12, 2017.
We want to assure you we have taken steps to prevent a similar event from occurring in the future. This includes increased electronic safeguards and a review of current physical policies and procedures for the secure storage of personal information. We are in the process of training our employees regarding these existing and additional safeguards.
Please know that the protection and security of your personal information is a top priority for us. If you have any questions or concerns, please call 1-866-599-7386, Monday through Friday, 9:00 a.m. to 6:00 p.m. Eastern Time, excluding major holidays.
Sincerely,
Tim Leman Chairman & CEO