September 28, 2020
Adults and Children with Learning and Developmental Disabilities, Inc. (“ACLD”) takes the privacy and confidentiality of your personal information very seriously.
We received notice from Blackbaud, our fundraising platform vendor, that in May of 2020, they had been the victim of a ransomware attack and that they believe cybercriminals removed a subset of information. ACLD immediately consulted legal counsel to investigate the impact on the individuals involved in this security incident. Blackbaud informed us that its Cyber Security team – together with independent forensic experts and law enforcement – successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled the cybercriminals from the system. The information ACLD stores within Blackbaud’s system is very limited and Blackbaud has confirmed that the cybercriminals did not access bank account information, credit card information or social security numbers.
After Blackbaud provided notice to us, we conducted a thorough review of the information entered into the system, and on August 3, 2020 determined that the following types of information may have been taken or accessed by the cybercriminal as part of the incident:
Demographic Information including: first and last name, address, city, state, and zip.
Blackbaud has informed us that it has no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
We value your privacy and in response to this incident, we took action immediately. We have conducted a thorough review of the incident and have limited the type of information ACLD stores in the database. Further, while we have no reason to believe the data is currently being misused, we do recommend you review the attachment to this letter (Steps You Can Take to Further Protect Your Information).
ACLD remains committed to ensuring your privacy is protected. We encourage you to reach out if you have any further questions, by calling (516) 822-0028, ext.760 or sending an email to Privacy@acld.org.
ACLD Compliance Officer & HIPAA Privacy Officer
STEPS YOU CAN TAKE TO FURTHER PROTECT YOUR INFORMATION
Review Your Account Statements and Notify Law Enforcement of Suspicious Activity – As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission.
To file a complaint with the FTC, go to www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, which is a database made available to law enforcement agencies.
Copy of Credit Report – You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting www.annualcreditreport.com, calling toll-free 1–877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print a copy of the request form at www.annualcreditreport.com/cra/requestformfinal.pdf. Or you can elect to purchase a copy of your credit report by contacting one of the three national credit reporting agencies. Contact information for the three national credit reporting agencies for the purpose of requesting a copy of your credit report or for general inquiries is provided below:
|(800) 685-1111||(888) 397-3742||(800) 916-8800|
|P.O. Box 740241||535 Anton Blvd, Suite 100||P.O. Box 6790|
|Atlanta, GA 30374||Costa Mesa, CA 92626||Fullerton, CA 92834|
Fraud Alert – You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at www.annualcreditreport.com.
Security Freeze – In some US states, you have the right to put a security freeze on your credit file. This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement.
Additional Free Resources on Identity Theft – You may wish to review the tips provided by the Federal Trade Commission on how to avoid identity theft. For more information, please visit www.ftc.gov/idtheft or call 1–877-ID-THEFT (877-438-4338). A copy of “Taking Charge: What to Do if Your Identity is Stolen”, a comprehensive guide from the FTC to help you guard against and deal with identity theft, can be found on the FTC’s website at www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm.
Review Your Medical and Insurance Statements – As a precautionary measure, we also recommend that you review your medical and insurance statements regularly and completely. They can show warning signs of identity theft. Read the Explanation of Benefits (EOB) statement or Medicare Summary Notice that your health plan sends after treatment. Check the name of the provider, the date of service, and the service provided. Do the claims paid match the care you received? If you see a mistake, contact your health plan and report the problem.
Other signs of medical identity theft include:
- A bill for medical services you didn’t receive
- A call from a debt collector about a medical debt you don’t owe
- Medical collection notices on your credit report that you don’t recognize
- A notice from your health plan saying you reached your benefit limit
- A denial of insurance because your medical records show a condition you don’t have
You may wish to review the tips provided by the Federal Trade Commission on how to avoid medical identity theft. A copy of “Identity Theft: A Recovery Plan”, a comprehensive guide from the FTC to help you guard against and deal with medical identity theft, can be found on the FTC’s website at www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm.