The Connection Inc. is committed to protecting the privacy and security of the information we maintain. This notice describes an incident that may have involved information for some of our clients.
On June 8, 2020, The Connection concluded our investigation of an incident that involved unauthorized access to two of our employees’ email accounts. The Connection first learned of this incident on February 13, 2020, when an employee reported experiencing issues receiving email, at which time, The Connection immediately launched an investigation, with the assistance of an outside professional IT security firm.
Through its investigation, The Connection learned that unauthorized parties accessed two employees’ email accounts between January 4, 2020 and February 13, 2020. The unauthorized parties also attempted to change The Connection employees’ direct deposit information with our payroll department. Although it appears that the purpose of the unauthorized access to the accounts was to change the employees’ direct deposit information and fraudulently obtain funds from The Connection, we could not rule out the possibility that unauthorized parties may have been able to access emails and attachments in the accounts.
As part of our investigation, we conducted a comprehensive review of the emails and attachments in the email accounts to identify individuals whose information may have been accessible to the unauthorized parties as a result of this incident.
Through this review, we determined that the unauthorized parties may have accessed emails and attachments that contain information pertaining to some its current, former, and potential clients. The information found included names, dates of birth, mailing addresses, Social Security numbers, driver’s license numbers, financial account information (including bank account and routing numbers), medical record or patient account numbers, treatment and clinical information, prescription information, diagnoses, provider names, dates of treatment, and/or affiliation with The Connection. To date, The Connection unaware of any misuse of the information maintained in the two employees’ email accounts.
Beginning on July 24, 2020, we will be mailing letters to clients whose information was contained in the email accounts. We have also established a dedicated, toll-free incident response line to answer questions about the incident. For those individuals whose Social Security numbers are included, we are offering complimentary credit monitoring and identity protection services. If you have questions, please call 1-888-675-0090, Monday through Friday, from 9:00 a.m. to 6:00 p.m., Eastern Time.
We recommend clients whose information may have been involved in this incident review the statements they receive from their health care providers. If they see services they did not receive, clients should contact the provider immediately. For more information on additional steps you can take to protect your information or your child’s information, please see the pages that follow this letter.
We deeply regret any concern or inconvenience this incident may cause you. To help prevent something like this from happening again, we have implemented multi-factor authentication for remote access to email and are now providing additional cyber security training to employees.