Microsoft Word Akira Notice of Data Event mt

Processing Center 

●

 P.O. BOX 141578 

●

 Austin, TX 78714

00002

ACD1234

00230

JOHN Q. SAMPLE

1234 MAIN STREET

ANYTOWN US 12345-6789

RE: Notice of Data Breach

Dear John Sample:

Akira,  which  operates  shopakira.com,  is  writing  regarding  a  recent  data  security  incident  that

may  impact  certain  payment  card  information  used  by  you  to  make  purchases  on  our  website

only.   Please note  that this  incident only  affects cards  used on  our website  at shopakira.com  and

not those used in our stores.  We wanted to provide you with information about this incident, our

response and steps you can take to prevent fraud, should you feel it necessary to do so.

What  Happened?    Akira  was  recently  contacted  by  representatives  of  the  credit  card  industry

regarding potential fraud related to credit cards used on our website.  We immediately launched

an  internal  investigation  and  hired  a  third  party  forensic  investigator.    On  July  18,  2017,  the

forensic investigator confirmed that our website was infected with a form of malicious code that

collected  certain  payment  information  used  at  checkout.    This  code  was  immediately  removed

from our website.

What Information Was Involved?  While the investigation is ongoing, we believe that certain

payment  information  used  by  customers  of  shopakira.com  was  subject  to  unauthorized  access

from November 2016 through July 2017.  The data elements potentially subject to unauthorized

access  include  your:  name,  address,  phone  number,  email  address  and  credit  and/or  debit  card

information.  Your Social Security number was not affected by this matter.

What  We  Are  Doing.    We  take  the  security  of  your  personal  information  very  seriously.    We

have removed the infected code that led to the vulnerability and implemented additional security

measures  to  reduce  the  likelihood  of  a  similar  incident  from  happening  in  the  future.    We  are

providing  notice  of  this  incident  to  those  who  may  be  impacted  so  that  they  can  take  steps  to

prevent against possible fraud, should they feel it is necessary to do so.  We will also notify any

required state regulators and the credit reporting agencies about this incident.

What  You  Can  Do.    You  can  stay  vigilant  by  reviewing  your  credit  card  statements  for  any

suspicious  charges.    You  can  also  review  the  enclosed  Steps  You  Can  Take  to  Protect  Against

Identity Theft and Fraud which includes guidance on steps you can take to better protect against

the possibility of fraud and identify theft.

 

01-02-2-00

September 1, 2017

For More Information.  If you have questions or concerns that are not addressed in this notice

letter,  you  may  call  the  confidential  call  center  we  have  set  for  this  matter  at  1-855-285-9875

Monday through  Saturday, 8:00  a.m. to  8:00 p.m.  C.D.T.   Please do  not contact  your local  store

with questions. This call center is better equipped to address all questions regarding the incident.

We  take  the  privacy  of  your  personal  information  seriously.    We  sincerely  regret  any

inconvenience or concern this incident has caused you.

Sincerely,

Eric Hsueh

Vice President

Steps You Can Take to Protect Against Identity Theft and Fraud

We encourage you to remain vigilant against incidents of identity theft and fraud, to review your

account  statements,  and  to  monitor  your  credit  reports  for  suspicious  activity.    Under  U.S.  law

you are entitled to one free credit report annually from each of the three major credit reporting

bureaus.    To  order  your  free  credit  report,  visit  www.annualcreditreport.com  or  call,  toll-free,

1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free

copy of your credit report.

At no charge, you can also have these credit bureaus place a “fraud alert” on your file that alerts

creditors  to  take  additional  steps  to  verify  your  identity  prior  to  granting  credit  in  your  name.

Note, however, that because it tells creditors to follow certain procedures to protect you, it may

also delay your ability to obtain credit while the agency verifies your identity.  As soon as one

credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file.

Should you wish to place a fraud alert, or should you have any questions regarding your credit

report, please contact any one of the agencies listed below.

Equifax

P.O. Box 105069

Atlanta, GA 30348

1-800-525-6285

www.equifax.com

Experian

P.O. Box 2002

Allen, TX 75013

1-888-397-3742

www.experian.com

TransUnion

P.O. Box 2000

Chester, PA 19022-2000

1-800-680-7289

www.transunion.com

You may  also place  a security  freeze on  your credit  reports.   A security  freeze prohibits  a credit

bureau from releasing any information from a consumer’s credit report without the consumer’s

written authorization.  However, please be advised that placing a security freeze on your credit

report  may  delay,  interfere  with,  or  prevent  the  timely  approval  of  any  requests  you  make  for

new loans, credit mortgages, employment, housing, or other services.  If you have been a victim

of  identity  theft,  and  you  provide  the  credit  bureau  with  a  valid  police  report,  it  cannot  charge

you to place, lift or remove a security freeze.  In all other cases, a credit bureau may charge you a

fee to place, temporarily lift, or permanently remove a security freeze.  You will need to place a

security freeze separately with each of the three major credit bureaus listed above if you wish to

place a freeze on all of your credit files.  To find out more on how to place a security freeze, you

can use the following contact information:

Equifax Security Freeze

P.O. Box 105788

Atlanta, GA 30348

1-800-685-1111

(NY residents please call

1-800-349-9960)

https://www.freeze.equifax.com

Experian Security Freeze

P.O. Box 9554

Allen, TX 75013

1-888-397-3742

www.experian.com/freeze/

center.html

TransUnion

P.O. Box 2000

Chester, PA 19022-2000

1-888-909-8872

www.transunion.com/credit-

freeze

02-02-2

You can further educate yourself regarding identity theft, fraud alerts, and the steps you can take

to protect yourself, by contacting the Federal Trade Commission or your state Attorney General.

The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington,

DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.

For  Maryland  residents,  the  Attorney  General  can  be  reached  at:  200  St.  Paul  Place,  16th

Floor, Baltimore, MD 21202; 1-888-743-0023; and www.oag.state.md.us.  For North Carolina

residents, the  Attorney General  can be  contacted by  mail at  9001 Mail  Service Center,  Raleigh,

NC  27699-9001;  toll-free  at  1-877-566-7226;  by  phone  at  1-919-716-6400;  and  online  at

www.ncdoj.gov.    For  Rhode  Island  Residents,  The  Rhode  Island  Attorney  General  may  be

contacted  at:  Rhode  Island  Attorney  General’s  Office,  150  South  Main  St.,  Providence,  RI

02903. http://www.riag.ri.gov. Approximately 29 Rhode Island residents may have been affected

by  this  incident.    For  New  Mexico  residents,  you  have  rights  pursuant  to  the  Fair  Credit

Reporting Act, such as the right to be told if information in your credit file has been used against

you, the right to know what is in your credit file, the right to ask for your credit score, and the

right  to  dispute  incomplete  or  inaccurate  information.    Further,  pursuant  to  the  Fair  Credit

Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or

unverifiable  information;  consumer  reporting  agencies  may  not  report  outdated  negative

information;  access  to  your  file  is  limited;  you  must  give  your  consent  for  credit  reports  to  be

provided to employers; you may limit “prescreened” offers of credit and insurance you get based

on information in your credit report; and you may seek damages from violator.  You may have

additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims

and  active  duty  military  personnel  have  specific  additional  rights  pursuant  to  the  Fair  Credit

Reporting  Act.    We  encourage  you  to  review  your  rights  pursuant  to  the  Fair  Credit  Reporting

Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf,

or  by  writing  Consumer  Response  Center,  Room  130-A,  Federal  Trade  Commission,  600

Pennsylvania  Ave.  N.W.,  Washington,  D.C.  20580.    The  Federal  Trade  Commission  also

encourages those who discover that their information has been misused to file a complaint with

them.  Instances of known or suspected identity theft should also be reported to law enforcement.

This notice has not been delayed by law enforcement.