Impact Mobile Home Communities Provides Notice Of Data Privacy Incident

CEDAREDGE, Colo., May 5, 2020 /PRNewswire/ -- Although unaware of any actual or attempted misuse, Impact Mobile Home Communities ("Impact MHC") is providing notice of a data privacy event impacting the security of information relating to certain current and former property residents and employees.

What Happened?  On July 3, 2019, Impact MHC became aware of suspicious activity relating to an employee email account, and immediately launched an investigation to determine what may have happened. Working together with a leading computer forensics firm, the investigation determined that an unauthorized individual or individuals accessed several employee email accounts between July 1, 2019 and July 31, 2019.  Two of the email accounts were accessed between October 3, 2018 and July 8, 2019. Impact MHC undertook a lengthy and labor-intensive process to identify the personal information contained in the affected email accounts, and then reviewed its internal records to locate the appropriate mailing addresses for the impacted individuals.

Because Impact MHC was unable to determine which email messages in the accounts may have been viewed or acquired by the unauthorized actor, the entire contents of the impacted email accounts were reviewed to identify what personal information was accessible to the unauthorized actor(s). Due to the large volume of emails to be reviewed, this was a very lengthy and labor-intensive process. On February 27, 2020, Impact MHC identified the individuals potentially impacted by this incident after a thorough programmatic and manual review of the email accounts. Once Impact MHC confirmed the individuals who were potentially affected, they worked to identify current contact information for the impacted individuals, and began preparing an accurate written notice of this incident. Impact MHC is providing notice to the individuals whose information was present in the affected email accounts at the time of the incident and may have been viewed by the unauthorized individual(s). 

What Information Was Affected? The accessed email accounts contained information relating to certain current and former property residents and Impact MHC employees. The type of information affected varies per individual, and includes one or more of the following types of information: name, date of birth, Social Security number, financial account number, medical or health information, driver's license number, credit or debit card number, and username or email address and password. For a very small number of individuals, a passport number may have been affected.

Although they cannot confirm that any individual's personal information was actually accessed or viewed without permission, Impact MHC is providing this notice out of an abundance of caution because such activity cannot be ruled out. Impact MHC does not have any evidence of actual or attempted misuse of any individual's information as a result of this incident.

How will individuals know if they are affected by this incident?  Impact MHC is mailing notice letters to the individuals for whom they have valid mailing addresses whose protected information was contained within the affected email accounts. Because Impact MHC has insufficient contact information for some of the individuals whose information may be contained in the impacted email accounts, they are providing notice to those potentially impacted individuals by way of a notification published to certain state media outlets. If an individual did not receive a letter but would like to know if they are affected, they may call the hotline listed below.

What Are They Doing?  Information privacy and security are among Impact MHC's highest priorities. Impact MHC has strict security measures in place to protect the information in its possession. Upon learning of this incident, Impact MHC quickly changed all employee email account passwords and took steps to secure the accounts. Impact MHC is currently implementing additional technical safeguards and employee training to prevent similar future incidents. Impact MHC is also offering the impacted individuals access to complimentary credit monitoring services as an added precaution. This incident has been reported to certain state regulators, and Attorneys General.

Whom should individuals contact for more information? If individuals have questions or would like additional information, they may call Impact MHC's dedicated assistance line at 1-833-979-2226 (toll free), Monday through Friday, 7:00 a.m. to 7:00 p.m., Mountain Time.

What can individuals do to protect their information?  While Impact MHC is unaware of any actual or attempted misuse of any information involved in this incident, they encourage those potentially impacted by the event to take steps to better protect against identity theft and fraud if they feel it is appropriate to do so.

Monitor Your Accounts. To protect against the possibility of identity theft or other financial loss, Impact MHC encourages you to remain vigilant, to review your financial and other account statements, and to monitor your credit reports for suspicious activity. 

Credit Reports. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus.  To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free copy of your credit report.

Security Freeze. You have the right to place a "security freeze" on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization.  The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.  Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:

If you request a security freeze with the above consumer reporting agencies, you may need to provide the following information:

1. Your full name (including middle initial as well as Jr., Sr., II, III, etc);
2. Social Security Number;
3. Date of birth;
4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
5. Proof of current address such as a current utility bill or telephone bill; and
6. A legible photocopy of a government issued identification card (state driver's license or ID card, military information, etc.)

To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze.  The credit bureaus have three (3) business days after receiving your request to remove the security freeze.

As an alternative to a security freeze, you have the right to place an initial or extended "fraud alert" on your file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer's credit file.  Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the agencies listed below:

Additional Information. You can further educate yourself regarding identity theft, and the steps you can take to protect yourself, by contacting your state Attorney General or the Federal Trade Commission.  The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them.  The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.ftc.gov/idtheft; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.  Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC or your state's Attorney General.  This notice was not delayed by a law enforcement investigation.  For Maryland residents, the Attorney General can be contacted by mail at 200 St. Paul Place, Baltimore, MD, 21202; toll-free at 1-888-743-0023; by phone at (410) 576-6300; consumer hotline (410) 528-8662; and online at www.marylandattorneygeneral.gov.  For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit "prescreened" offers of credit and insurance you get based on information in your credit report; and you may seek damages from violator. You may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act.  We encourage you to review your rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580. For New York Residents: The New York Attorney General provides resources regarding identity theft protection and security breach response at www.ag.ny.gov/internet/privacy-and-identity-theft. The New York Attorney General can be contacted by phone at 1-800-771-7755; toll-free at 1-800-788-9898; and online at www.ag.ny.gov. For North Carolina Residents: The North Carolina Attorney General can be contacted by mail at 9001 Mail Service Center, Raleigh, NC 27699-9001; toll-free at 1-877-566-7226; by phone at 1-919-716-6400, and online at www.ncdoj.gov. For Rhode Island Residents: The Rhode Island Attorney General can be reached at: 150 South Main Street, Providence, Rhode Island 02903, www.riag.ri.gov, 1-401-247-4400. Under Rhode Island law, you have the right to obtain any police report filed in regard to this incident.  There are approximately 39 Rhode Island residents impacted by this incident. 

SOURCE Impact Mobile Home Communities