The Cerebral Palsy Research Foundation of Kansas, Inc. posted the following notice on its site about a breach. According to their report to HHS, the incident resulted in the notification of 8300 clients.
May 9, 2018
To CPRF Clients:
We are writing to notify CPRF clients of a privacy incident involving demographic data for those served from 2001-2010.
What happened?
On March 10, 2018, the CPRF team became aware that a previously used database containing client data was vulnerable for a period of 10 months. CPRF immediately re-secured the information and began the investigation and identification process. CPRF determined that, in the course of building a demographic database in early 2000, the information was stored on a secure sub-domain. This database was not identified during a recent change in servers at CPRF, which temporarily exposed the information before it was re-secured.
What information was involved?
The information could include personal identifiable information and personal health information regarding type of disability. If you were a CPRF client from 2001-2010, please call 855-789-0923 with any questions regarding what type of information was exposed on an individual level. No client financial information or donor information was affected.
What we are doing?
Once we became aware of the situation, we immediately re-secured the information and took the necessary steps to determine the scope and nature of the information in order to send notification letters to those affected.
As a result of this incident, CPRF conducted a thorough audit of all other sub-domains and detected no further vulnerabilities. We also reinforced our policies and procedures related to data security and employee transitions, and we are in the process of hiring a third-party consultant to perform routine vulnerability and penetration evaluations.
What you can do?
All CPRF clients who were affected by this incident should sign up for the free, one-year credit monitoring and identity protection services offered. A website and personal activation code were included in the client notification letter. If you did not receive a letter, but were a CPRF client from 2001-2010, call 855-789-0923 to determine if you were affected. If so, we encourage you to use the credit monitoring and identity protection services.
Other ways to protect against harm:
- Call the toll-free numbers of one of the three major credit bureaus to place a fraud alert on your credit report. This can help prevent identity theft by preventing new accounts from being opened in your name.
  - Equifax 1-800-525-6285 (P.O. Box 740241, Atlanta GA 30374-0241)
  - Experian 1-888-397-3742 (P.O. Box 9532, Allen, TX 75013)
  - TransUnion 1-800-680-7289 (Attn: Fraud Victims Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790)
- Monitor your credit reports. Examine your reports closely for activity that you have not initiated.
- Monitor your banking and credit card statements closely for activity that you have not initiated.
- Visit the Federal Trade Commission Identity Theft website for information on protecting yourself from identity theft. www.ftc.gov (go to Quick Finder and click on Identity Theft).
For more information
For more information, call 855-789-0923.
Sincerely,
Patrick T. Jonas
CPRF President & CEO