Embed Size (px)
Citation preview
MARSHALL DENNEHEY OHIOCincinnatiClevelandWARN ER COLEMAN s GOGGIN
A P ROFES S IONAL C O R P O R ATIO N
PENNSYLVANIAAllentown
DoylestownErie
HarrisburgKing of Prussia
PhiladelphiaPittsburghScranton
I
I4I
FLORIDAFt. LauderdaleJacksonvilleOrlandoTampa2000 Market Street, Suite 2300 ¢ Philadelphia, PA 19103
(215) 575-2600 I Fax (215) 575-0856i
NEW IERSEYCherry HillRoseland
NEWYORKLong IslandNew York CityWestchesterDirect Dial: 215-575-2615
Email: [email protected]
Wilmington
February 20, 2017
Via Ema il: Id the ft@oa g .s ta te .md.usAttorney Gene ra l Brian E. FroshOffice of the Attorne y Ge ne ra lAttn: S e curity Bre a ch Notifica tion200 St. Paul PlaceBa ltimore , MD 21202
R E : Zelnick, Mann and Winikur, PCOur File No. 40877_ 00103
Dear Attomey Gene ra l Frosh:
Pursuant to Maryland Code Ann., Com. Law § 14-3504(h), we a re writing to notify you of a da tase curity incide nt involving 16 Ma ryla nd re s ide nts . We a re submitting this notifica tion on be ha lf of our clie nt,Ze lnick, Ma nn a nd Winikur, P C ("Ze lnick").
Na tu re Of The S e c urity Bre a c h
Ze lnick is an accounting firm loca ted in Ba la Cynwyd, Pennsylvania . On Janua ry 15, 2017, Ze lnickde te rmined tha t a number of its fonner employees who recently le ft the firm to s ta rt the ir own bus iness tooksome of Ze lnick's client's records with them without authoriza tion. These records conta in the names, addresses ,socia l security numbers , and financia l informa tion be longing to some of Ze lnick's clients . Ze lnick has noreason to be lieve tha t its client information has been improperly used.
The Ma ryla nd re s ide nts involve d in this incide nt will be forwa rde d le tte rs notifying the m of this incide nton Februa ry 21 , 2017. A copy of the form le tte r is a ttached he re to. Notifica tion to the re s idents will not bede layed due to law enforcement inves tiga tion.
S teps Taken Re la ting To The Inc ident
Upon leaming of the incident, Ze lnick took immedia te s teps to inves tiga te and de te rmine the source andextent of any access to its clients ' pe rsona l informa tion. Ze lnick is now in the process of reviewing its inte rna lpolicies and da ta management protocols and will be implementing enhanced security measures to he lp preventthis type of incide nt from re curring in the future .
Attorney Gene ra l Brian E. FroshFebruary 20, 2017
P a ge 2
Should you need additiona l infoimation regarding this matte r, please contact me .
Ve ry truly yours ,
9 I
DAVID J . S HANNON
DJS :j1Encl.
5
Nernbcra ohAmerlcuu l1ystituie. ui'
Cuxtiiicxl Public AcccluntantsZELNICK, MAL AND w1nmoR, RC.
C8RII§~118D PUBLIC ACCOTQINIANITS
Triad Plaza, Suite 800201 N; Fizsideulial BoulavardBala Gymvyd, PA199041257
Pmnsylvanla lnskitute nfCertilimd Public Ancolmtnnbs
(610) 664.0450FAX; (619) wwsss
1-80Q0550-5038www_zn11vtpa.coru1
February21, 2017
NOTICE OF DATA S ECURITY INCIDENTDear
We a re writing to inform you of a da ta security incident tha t may involve your pe rsona l informa tion.The privacy and protection of your information is a ma tte r tha t we take ve ry se rious ly, and we have workedquicldy to address the incident. P lease review the information provided in this le tte r for some s teps tha t Youmay take to protect yourse lf against any potentia l misuse of your infonnation.
What Happened.
On Ja nua ry 15, 2017, Ze lnick, Mmm a nd Winikur, PC ("Ze lnick") de te rmine d tha t a numbe r of ourformer employees who recently le ft the firm to s ta rt the ir own business took some of Zelnick's client's recordswith the m without Ze lnick's a uthoriza tion. These records conta in the names , addresses , socia l securitynumbers , and financia l information be longing to some of our clients . We have de tennined tha t your persona linformation was among the information conta ined in these records . We have no reason to be lieve tha t yourinformation has been improperly used. However, we a re notifying you as a precautionary s tep and to complywith applicable s ta te law.
We take your privacy and protection very seriously and we regre t tha t this incident occurred. We tooksteps to address this incident promptly a fte r it was discovered, including undertaking an inte rna l investiga tionto better understand what had taken place and how.
Wha t You Can Do
Potentia lly affected individuals can take the following steps to guard against identity theft and fraud:
As a ge ne ra l pre ca ution we re comme nd tha t you re vie w your cre dit a nd de bit ca rd a ccountstatements as soon as possible to detennine if there are any discrepancies or unusual activity listed.
Remain vigilant and continue to monitor your bank and credit ca rd s ta tements for unusua l activitygoing forward. If you see anything tha t you do not unders tand or tha t looks suspicious , or if you suspect tha tany fraudulent transactions have taken place, call the bank that issued your credit or debit card immediately.
I Care fully check your credit reports for accounts you did not open or for inquirie s Nom creditors tha tyou did not initia te . If you see anything tha t you do not unde rs tand, ca ll the credit agency immedia te ly. Aspa rt of the complime nta ry prote ction, you ma y dis cus s your conce m with a ny of the thre e prima ry cre ditagencies - Equifax, Experian, and TransUnion (see enclosures for contact information).
l P lace a "fraud a1ert" or "security freeze" on your credit file . Information about these options for yourcre dit file , a long with ins tructions for a ctiva ting the s e options , ca n be found in the e nclos e d re fe re ncematerials, or by contacting one of the three credit agencies noted above.
l Review the enclosed "Information About Identity Theft Protection" re fe rence guide , which describesadditiona l s teps tha t you may take to he lp protect yourse lf, including recommendations by the Federa l TradeCommission regarding your identity theft protection.
Eor More Inf.Q_r_mation
If you have questions about the information in this letter, please contact 610-664.=04-50 ext. 1021 .
Once aga in, the privacy and protection of your information is a matte r we take very se riously and wesincerely apologize for any concern that this may cause you.
Sincere ly,
Ala n B. Winikur, CP A/ABV/CP FS ha re holde rZe hlick, Ma nn a nd Winikur, P C
In fo rm a t io n 81bout Ide ntity The ft P reven tio n
We recommend that you regularly review s tatements from your accounts and periodically obtain your credit reportfrom one or more of the na tiona l credit reporting companies . You may obta in a tree copy of your credit reportonline at www.annualcreditreport.com, by calling toll-free 1-877-322-8228, or by mailing an Annual Credit ReportReques t Form (ava ilable a t www.annua lcreditreportcom) to: Annua l Credit Report Reques t Service , P .O. Boxl0528i, Atlanta , GA, 30348-5281. You may a lso purchase a copy of your credit report by contacting one or moreof the three national credit reporting agencies lis ted below.
Equ ifa x:Experian :Tra ns Union :
P.O. BOX 740241, Atlanta , Georgia 30374-0241, 1-800-685-11 l 1, www.equifax.comP.O. Box 9532, Allen, TX 75013, 1-888-397-3742, www.expe rian.comP.O. Box 1000, Ches te r, PA l9022> 1-800-888-4213, www.transunion.com
When you receive your credit reports , review them carefully. Look for accounts or creditor inquiries tha t you didnot initia te or do not recognize . Look for infonnation, such as home address and Socia l Security number, tha t isnot accurate . If you see anything you do not unders tand, cali the credit reporting agency at the te lephone numberon the report.
We recommend you remain vigilant with respect to reviewing your account s ta tements and credit reports , andpromptly re port a ny s us picious a ctivity or s us pe cte d ide ntity the ft to us a nd to the prope r la w e nforce me ntauthorities , including local law enforcement, your s ta te 's a ttorney genera l and/or the Federa l Trade Commiss ion("FTC"). You ma y conta ct the FTC or your s ta te 's re gula tory a uthority to obta in a dditiona l infonna tion a boutavoiding identity theft.
Federal Trade Commiss ion, Consumer Response Center600 Pennsylvania Avenue, N`VlL Washington, DC 20580, 1-877~IDTHEFT (438-4338), www.fte.gov/idtheft
For res iden ts of Maryland: You may a ls o obta in informa tion about preventing and avoiding identity the ftfrom the Maryland Oiiice of the Attorney Genera l:
Maryland Officeof the Attorney General, Consumer Protection Division200 St. Paul Place, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us
For res idents of Mas s achus etts : You also have the right to obtain a police report.
You may a lso obta in information about preventing and avoiding identitytheft from the North Carolina Attorney Genera1's Oiiice:Fo r res iden ts o f North Caro lina :
North Ca rolina Atto rney Ge ne ra l's Office, Consumer Protection Divis ion9001 Mail Service Center, Raleigh, NC 27699~9001, 1-877-5~NO-SCAM, www.ncdoj.gov
We recommend that you regularly review the explanation of benefits s tatement that you receive from your insurer.If you s ee any s e rvice tha t you be lieve you did not rece ive , plea s e contact your ins ure r a t the number on thestatement. If you do not receive regular explanation of benefits s tatements , contact your provider and request themto send such s tatements following the provision of services in your name or number.
You may want to order copies of your credit reports and cheek for any medical bills tha t you do not recognize . Ifyou find anything suspicious , ca li the credit reporting agency a t the phone number on the report. Keep a copy ofthis notice for your records in case of future problems with your medical records . You may also want to reques t acopy of your medica l records from your provide r, to s e rve a s a bas e line . If` you a re a Ca lifornia re s ident, wes ugges t tha t you vis it the web s ite of the Ca lifornia Office of P rivacy Protection a t www.privacy.ca .gov to findmore information about your medical privacy.
Fraud Ale rts : There a re a lso two types of fraud a le lts tha t you can place on your credit report to put your creditorson notice tha t you may be a victim of fraud: an initia l a le rt and an extended a le rt. You may ask tha t an initia l frauda le rt be placed on your credit report if you suspect you have been, or a re about to be , a victim of identity the ft. Aninitia l fraud a le rt s tays on your credit report for a t le a s t 90 days . You may have an extended a le rt placed on yourcre dit re poit if you ha ve a lre a dy be e n a vic tim of ide ntity the ft with the a ppropria te docum e nta ry proof. Anextended fraud a le rt s tays on your credit report for seven years. You can place a fraud a le rt on your credit report byca lling the toli-free fraud number of any ofthe three na tiona l credit reporting agencies lis ted be low.
Equifa x:Expe ria n:Tra nsUnion:
1-888-766-0008, www.equifax.com1-888-397-3742, www.expertian.oom1-800-680-7289, fraud.tra11sunion.com
Cred it Freezes (for Non~Massachuse tts Residents): You may have the right to put a credit freeZe , a lso known asa security freeze , on your credit file , so tha t no new credit can be opened 'm your name without the use of a P INnumbe r tha t is is sue d to you whe n you initia te a fre e ze . A cre dit fre e ze is de s igne d to pre ve nt pote ntia l cre ditgrantors from accessing your credit report without your consent. If you place a credit freeze , potentia l creditors andothe r third pa rtie s will not be a ble to ge t a cce s s to your cre dit re port unle s s you te m pora rily lin the fre e ze .There fore , using a credit freeze may de lay your ability to obta in credit. In addition, you may incur fees to place , liftand/or remove a credit freeze . Credit freeze laws va ry from s ta te to s ta te . The cost of placing, tempora rily lifting,and removing a credit freeze a lso varies by s ta te , genera lly $5 to $20 per action a t each credit reporting company.Unlike a jifa ud a le rt you mus t s e pa ra te lypla ce a e re ditjife e ze on your cre ditfile a t e a ch cre dit re porting compa nyS ince the ins tructions for how to e s tablish a credit freeze diffe r hom sta te to s ta te , please contact the three ma jorcredit reporting companies as specitied be low to fmd out more information:
Equifa x: P .O. Box 105788, Atlanta , GA30348, www.equi:tax.comExpe ria n: P .O. Box 9554, Allen, TX 75013, www.expe rian.comTransUnion LLC: P .O. BOX 2000, Chester, PA, 19022-2000, freeze .transunion.com
You can obta in more infonna tion about fraud a le rts and credit freezes by contacting the FTC or one of the na tiona lcredit reporting agencies listed above.
Cre d it Fre e ze s (for Ma ssa chuse tts Res iden ts ): Massachuse tts law gives you the right to place a security freezeon your consumer reports . A security freeze is designed to prevent credit, loans and se rvices from be ing approvedin your name without your consent. Using a security Neeze , howeve r, may de lay your ability to obta in credit. Youma y re que s t tha t a fre e ze be pla ce d on your cre dit re port by se nding a re que s t to a cre dit re porting a ge ncy bycertified mail, overnight mail or regula r s tamped mail to the address be low:
Equifa x: P .O. Box 105788, Atlanta , GA30348, www.equifax.comExpe ria n: RO. Box 9554, Alle n, TX 75013, www.e xpe ria n.comTransUnion LLC: P .O. BQX 2000, Chester, PA, 19022-2000, freeze .transunion.com
Unlike a jra ud a le rt, you mus t s e pa ra te ly pla ce a cre dit/re e ze on your cre ditfle a t e a ch cre dit re porting compa ny.The following informa tion should be included when reques ting a security freeze (documenta tion for you and yourspouse must be submitted when freezing a spouse 's credit report): full name , with middle initia l and any suffixes ,S ocia l S ecurity number, da te of birth (month, day and yea r), current address and previous addresses for the pas tfive (5) ye a rs , a nd a pplica ble fe e (if a ny) or incide nt re port or compla int with a la w e nforce me nt a ge ncy or theDepartment of Motor Vehicles . The request should a lso include a copy of a government-issued identifica tion ca rd,such a s a drive r's license , s ta te or milita ry 1D ca rd, and a copy of a utility bill, bank or insurance s ta tement. Eachcopy should be legible , display your name and current mailing address, and the da te of issue (sta tement da tes mustbe re ce nt). The cre dit re porting compa ny ma y cha rge a re a sona ble fe e of up to $5 to pla ce a fre e ze or lift orre move a fre e ze , unle s s you a re a victim of ide ntity the ft or the spouse of a victim of ide ntity the ft, a nd ha vesubmitted a va lid police report re la ting to the identity theft to the credit reporting company.
