Notice of Data Security Incident
Bricker & Eckler LLP ("Bricker"), a full-service law firm with offices throughout Ohio, was recently the target of a ransomware attack. In the course of Bricker’s work on behalf of clients, it is at times provided access to personal information as a part of the client engagement. Bricker receives and utilizes this data solely in its representation of and to provide legal counsel to its clients.
On January 31, 2021, Bricker learned that it was the target of a ransomware attack. Upon learning of the incident, Bricker immediately took measures to contain the incident, launched an investigation, and third-party cybersecurity forensic experts were engaged to assist. Bricker also notified federal law enforcement.
The investigation determined that an unauthorized party gained access to certain Bricker internal systems at various times between approximately January 14, 2021 and January 31, 2021. Findings from the investigation indicate that the party obtained some data from certain Bricker systems during this period. Bricker was able to retrieve the data involved from the unauthorized party and has taken steps to delete the data. At this time, Bricker has no reason to believe this data was further copied or retained by the unauthorized party. Bricker conducted a thorough review of the data to identify individuals whose personal information may have been involved. On or around March 12, 2021, Bricker substantially completed its review of the data and began formally notifying clients of any client-related personal information included in these files.
What Information Was Involved?
The review determined that the data involved contained some personal information, including names, addresses, and in certain instances, medical-related and/or education-related information, driver’s license numbers, and/or Social Security numbers.
What We Are Doing
On April 6, 2021, Bricker will begin mailing letters to individuals whose information was involved and for whom Bricker has mailing addresses. Bricker also established a dedicated call center to answer questions about the matter.
To help prevent a similar type of incident from occurring in the future, Bricker implemented additional security protocols designed to enhance the security of Bricker’s network, internal systems and applications. Bricker will also continue to evaluate additional steps that may be taken to further increase Bricker’s defenses going forward. In addition, Bricker is continuing to support federal law enforcement’s investigation.
What You Can Do
To learn more about the incident or if you think you may have been affected, please contact 833-796-8641.
For More Information
The security of your personal information is important to Bricker and Bricker sincerely regrets that this incident occurred. For more information, or if you have any questions or need additional information, please call 833-796-8641 Monday through Friday, between 9:00 a.m. and 11:00 p.m. Eastern Time and Saturday and Sunday between 11:00 a.m. and 8:00 p.m.
Information About Identity Theft Protection Guide
Contact information for the three nationwide credit reporting companies is as follows:
P.O. Box 740256
Atlanta, Georgia 30348
P.O. Box 9554
Allen, Texas 75013
P.O. Box 105281
Atlanta, GA 30348-5281
Free Credit Report. We remind you to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. If you identify any unauthorized charges on your financial account statements, you should immediately report any such charges to your financial institution. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available from the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Security Freeze. Security freezes, also known as credit freezes, restrict access to your credit file, making it harder for identity thieves to open new accounts in your name. You can freeze and unfreeze your credit file for free. You also can get a free freeze for your children who are under 16. And if you are someone’s guardian, conservator or have a valid power of attorney, you can get a free freeze for that person, too.
How will these freezes work? Contact all three of the nationwide credit reporting agencies – Equifax, Experian, and TransUnion. If you request a freeze online or by phone, the agency must place the freeze within one business day. If you request a lift of the freeze, the agency must lift it within one hour. If you make your request by mail, the agency must place or lift the freeze within three business days after it gets your request. You also can lift the freeze temporarily without a fee.
The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.
Fraud Alerts. A fraud alert tells businesses that check your credit that they should check with you before opening a new account. An initial fraud alert stays on your credit report for one year. You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years. To place a fraud alert on your credit reports, contact one of the nationwide credit bureaus. A fraud alert is free. The credit bureau you contact must tell the other two, and all three will place an alert on their versions of your report.
Federal Trade Commission and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or avoid identity theft. You may contact the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/bcp/edu/microsites/idtheft/, 1-877-IDTHEFT (438-4338).
Reporting of identity theft and obtaining a police report.
You have the right to obtain any police report filed in the United States in regard to this incident. If you are the victim of fraud or identity theft, you also have the right to file a police report.