Notification of Data Security Incident
October 25, 2019 – The Guidance Center has learned of a data security incident that involved protected health information belonging to certain current and former clients. On October 25, 2019, The Guidance Center notified potentially impacted clients and provided resources to assist them.
On March 25, 2019, The Guidance Center discovered unusual activity within its digital environment. Upon discovering this activity, The Guidance Center commenced an investigation and engaged independent cybersecurity experts for assistance, and took numerous steps to secure its systems. The cybersecurity experts engaged by The Guidance Center to investigate ultimately discovered evidence of unauthorized access to a couple of email accounts belonging to certain employees of The Guidance Center. The Guidance Center then engaged a data review firm to determine if the accessed email accounts contained protected health information. On September 17, 2019, The Guidance Center learned that protected health information belonging to some current and former clients was contained within the impacted accounts and was therefore potentially accessed. This information included names, addresses, dates of birth, medical information, health insurance or claims information, and a limited number of Social Security numbers.
The Guidance Center takes the security of all information very seriously. The Guidance Center has no evidence indicating that any information aside from the information contained within the accessed email accounts was impacted in connection with this incident. In addition, The Guidance Center has no evidence that any of the information potentially impacted in connection with this incident has been misused. Nonetheless, The Guidance Center has implemented additional security features to help prevent similar incidents from occurring in the future. The Guidance Center has also reported this matter to the FBI and will cooperate as necessary to hold the perpetrator accountable.
Notification letters were sent to potentially impacted individuals on October 25, 2019. The letters include information about this incident and about steps that potentially impacted individuals can take to monitor and help protect their personal information.The Guidance Center has established a toll-free call center to answer questions about the incident and to address related concerns. The call center can be reached at 855-951-0811, Monday through Friday, 9:00 a.m. to 9:00 p.m., Eastern Time. In addition, as a precaution, The Guidance Center is offering complimentary credit monitoring services through Epiq to those individuals whose Social Security numbers were potentially impacted in connection with this incident. To determine if you qualify for this service, you must obtain verification through the call center. If your Social Security number has been impacted, enrollment information will be made available to you.
The privacy and protection of private information is a top priority for The Guidance Center. The Guidance Center deeply regrets any inconvenience or concern this incident may cause.
The following information is provided to help individuals wanting more information about steps that they can take to protect themselves:
What steps can I take to protect my private information?
- If you detect suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained. You should also report any fraudulent activity or any suspected incidents of identity theft to law enforcement.
- You may obtain a copy of your credit report at no cost from each of the three nationwide credit reporting agencies. To do so, visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three agencies appears at the bottom of this page.
- Notify your financial institution immediately of any unauthorized transactions made, or new accounts opened, in your name.
- You can take steps recommended by the Federal Trade Commission to protect yourself from identify theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.
What should I do to protect myself from payment card/credit card fraud?
We suggest that you review your debit and credit card statements carefully in order to identify any unusual activity. If you see anything that you do not understand or that looks suspicious, you should contact the issuer of the debit or credit card immediately.
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies once every twelve (12) months. To do so, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three agencies is included in the notification letter and is also listed at the bottom of this page.
How do I put a fraud alert on my account?
You may consider placing a fraud alert on your credit report. This fraud alert informs creditors of possible fraudulent activity within your report and requests that creditors contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is listed below.
Contact information for the three nationwide credit reporting agencies is as follows:
|Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348
|Experian Security Freeze
PO Box 9554
Allen, TX 75013
PO Box 2000
Chester, PA 19022