Processing Center
●
P.O. BOX 141578
●
Austin, TX 78714
00002
ACD1234
00230
JOHN Q. SAMPLE
1234 MAIN STREET
ANYTOWN US 12345-6789
RE: Notice of Data Breach
Dear John Sample:
Akira, which operates shopakira.com, is writing regarding a recent data security incident that
may impact certain payment card information used by you to make purchases on our website
only. Please note that this incident only affects cards used on our website at shopakira.com and
not those used in our stores. We wanted to provide you with information about this incident, our
response and steps you can take to prevent fraud, should you feel it necessary to do so.
What Happened? Akira was recently contacted by representatives of the credit card industry
regarding potential fraud related to credit cards used on our website. We immediately launched
an internal investigation and hired a third party forensic investigator. On July 18, 2017, the
forensic investigator confirmed that our website was infected with a form of malicious code that
collected certain payment information used at checkout. This code was immediately removed
from our website.
What Information Was Involved? While the investigation is ongoing, we believe that certain
payment information used by customers of shopakira.com was subject to unauthorized access
from November 2016 through July 2017. The data elements potentially subject to unauthorized
access include your: name, address, phone number, email address and credit and/or debit card
information. Your Social Security number was not affected by this matter.
What We Are Doing. We take the security of your personal information very seriously. We
have removed the infected code that led to the vulnerability and implemented additional security
measures to reduce the likelihood of a similar incident from happening in the future. We are
providing notice of this incident to those who may be impacted so that they can take steps to
prevent against possible fraud, should they feel it is necessary to do so. We will also notify any
required state regulators and the credit reporting agencies about this incident.
What You Can Do. You can stay vigilant by reviewing your credit card statements for any
suspicious charges. You can also review the enclosed Steps You Can Take to Protect Against
Identity Theft and Fraud which includes guidance on steps you can take to better protect against
the possibility of fraud and identify theft.
01-02-2-00
September 1, 2017
For More Information. If you have questions or concerns that are not addressed in this notice
letter, you may call the confidential call center we have set for this matter at 1-855-285-9875
Monday through Saturday, 8:00 a.m. to 8:00 p.m. C.D.T. Please do not contact your local store
with questions. This call center is better equipped to address all questions regarding the incident.
We take the privacy of your personal information seriously. We sincerely regret any
inconvenience or concern this incident has caused you.
Sincerely,
Eric Hsueh
Vice President
Steps You Can Take to Protect Against Identity Theft and Fraud
We encourage you to remain vigilant against incidents of identity theft and fraud, to review your
account statements, and to monitor your credit reports for suspicious activity. Under U.S. law
you are entitled to one free credit report annually from each of the three major credit reporting
bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free,
1-877-322-8228. You may also contact the three major credit bureaus directly to request a free
copy of your credit report.
At no charge, you can also have these credit bureaus place a “fraud alert” on your file that alerts
creditors to take additional steps to verify your identity prior to granting credit in your name.
Note, however, that because it tells creditors to follow certain procedures to protect you, it may
also delay your ability to obtain credit while the agency verifies your identity. As soon as one
credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file.
Should you wish to place a fraud alert, or should you have any questions regarding your credit
report, please contact any one of the agencies listed below.
Equifax
P.O. Box 105069
Atlanta, GA 30348
1-800-525-6285
www.equifax.com
Experian
P.O. Box 2002
Allen, TX 75013
1-888-397-3742
www.experian.com
TransUnion
P.O. Box 2000
Chester, PA 19022-2000
1-800-680-7289
www.transunion.com
You may also place a security freeze on your credit reports. A security freeze prohibits a credit
bureau from releasing any information from a consumer’s credit report without the consumer’s
written authorization. However, please be advised that placing a security freeze on your credit
report may delay, interfere with, or prevent the timely approval of any requests you make for
new loans, credit mortgages, employment, housing, or other services. If you have been a victim
of identity theft, and you provide the credit bureau with a valid police report, it cannot charge
you to place, lift or remove a security freeze. In all other cases, a credit bureau may charge you a
fee to place, temporarily lift, or permanently remove a security freeze. You will need to place a
security freeze separately with each of the three major credit bureaus listed above if you wish to
place a freeze on all of your credit files. To find out more on how to place a security freeze, you
can use the following contact information:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
1-800-685-1111
(NY residents please call
1-800-349-9960)
https://www.freeze.equifax.com
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze/
center.html
TransUnion
P.O. Box 2000
Chester, PA 19022-2000
1-888-909-8872
www.transunion.com/credit-
freeze
02-02-2
You can further educate yourself regarding identity theft, fraud alerts, and the steps you can take
to protect yourself, by contacting the Federal Trade Commission or your state Attorney General.
The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington,
DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.
For Maryland residents, the Attorney General can be reached at: 200 St. Paul Place, 16th
Floor, Baltimore, MD 21202; 1-888-743-0023; and www.oag.state.md.us. For North Carolina
residents, the Attorney General can be contacted by mail at 9001 Mail Service Center, Raleigh,
NC 27699-9001; toll-free at 1-877-566-7226; by phone at 1-919-716-6400; and online at
www.ncdoj.gov. For Rhode Island Residents, The Rhode Island Attorney General may be
contacted at: Rhode Island Attorney General’s Office, 150 South Main St., Providence, RI
02903. http://www.riag.ri.gov. Approximately 29 Rhode Island residents may have been affected
by this incident. For New Mexico residents, you have rights pursuant to the Fair Credit
Reporting Act, such as the right to be told if information in your credit file has been used against
you, the right to know what is in your credit file, the right to ask for your credit score, and the
right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit
Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or
unverifiable information; consumer reporting agencies may not report outdated negative
information; access to your file is limited; you must give your consent for credit reports to be
provided to employers; you may limit “prescreened” offers of credit and insurance you get based
on information in your credit report; and you may seek damages from violator. You may have
additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims
and active duty military personnel have specific additional rights pursuant to the Fair Credit
Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting
Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf,
or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600
Pennsylvania Ave. N.W., Washington, D.C. 20580. The Federal Trade Commission also
encourages those who discover that their information has been misused to file a complaint with
them. Instances of known or suspected identity theft should also be reported to law enforcement.
This notice has not been delayed by law enforcement.
Dostları ilə paylaş: |