Notice to our consumers regarding security incident
YMCA of Central Florida (“YMCA”) takes seriously the privacy and security of our patrons’ personal information. Regrettably, this notice concerns an incident involving some of that information.
On October 24, 2017, YMCA learned that an unauthorized person gained access to several employees’ email accounts. Upon learning of the incident, we immediately disabled the affected email accounts, changed the account passwords, and began an investigation, including engaging a leading forensic firm. Our investigation determined that some emails may have been accessed and may have contained our patrons’ names, financial account numbers, and payment card numbers. In some instances, the information in the email accounts also included Social Security numbers, driver’s license or other government issued identification numbers, passports, health information, and health insurance numbers. This incident did not affect all patrons, but only some program registrants.
At this time we have no indication that the information in the emails was actually viewed or used in any way. However, out of an abundance of caution we are notifying individuals of this incident. We remind individuals to remain vigilant to the possibility of fraud by reviewing financial and payment card account statements for any unauthorized activity. Individuals should immediately report any unauthorized activity or charges to their financial institution. Payment card network rules generally state that cardholders are not responsible for fraudulent charges that are timely reported. Individuals whose Social Security numbers were potentially involved are being offered a one-year complimentary credit monitoring and identity protection service. Please refer to the information below for more ways you may protect yourself.
Individuals with questions or believe their information may be involved, may call 1-877-982-1592, Monday through Friday between 9 a.m. and 5 p.m. Eastern Time.
We sincerely regret that this incident occurred and apologize for any inconvenience or concern this may cause. To help prevent an incident like this from happening in the future, we are providing our employees with additional privacy training and education.
MORE INFORMATION ON WAYS TO PROTECT YOURSELF
We recommend that you remain vigilant for incidents of fraud or identity theft by reviewing your account statements and credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:
Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800
If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:
Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW
Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft