SN Servicing Corporation Notifies Clients of Data Security Breach
EUREKA, Calif., July 30, 2021 /PRNewswire/ -- SN Servicing Corporation ("SN") has become aware of an incident that may have exposed some of our borrower's data, including name, contact information, date of birth, social security number, and loan/borrower information. SN takes clients' privacy very seriously and has taken steps to notify any clients who may have been affected by this incident. SN sincerely regrets any inconvenience that this incident may cause and remains dedicated to protecting clients' personal information.
What Happened? On or about October 15, 2020, SN discovered unauthorized access to its network. Upon discovery, SN immediately terminated the access and retained a specialized cybersecurity forensic team to conduct an investigation to determine the nature and scope of the Incident. The forensics team first identified the name and locations of files that were exfiltrated from the firewall records. This investigation concluded on or about November 24, 2020. Based on the results of the investigation, it was determined that an unauthorized party may have been able to access sensitive personal information for some of our borrowers.
SN was able to quickly identify a subset of documents which were believed to contain sensitive information for some borrowers. In the interest of notifying the borrowers as quickly as possible, a preliminary notice was provided for that collection of documents. A data mining vendor was then hired to review the remaining documents to identify any additional individuals that may have been affected and what data may have been exposed. The data mining team provided its initial results on or about April 27, 2021. SN then engaged in a substantial data validation process to verify the accuracy of the data and reconcile to internal records. This validation exercise concluded on or about June 9, 2021. SN then procured credit monitoring for affected individuals and drafted notices to individuals, consumer credit reporting agencies, and state regulators as appropriate.
What information was involved? While we have no reason to believe that your information has been misused as a result of this incident, we are notifying you out of an abundance of caution and for purposes of full transparency. Based on the investigation, the unauthorized party may have had access to one or more of the following data elements: name, contact information, date of birth, social security number, and loan/borrower information. Please note that not every data element was present for every individual. While we appreciate that the incident may be concerning, please note that SN is not aware of any instances of misuse of sensitive data.
What Is SN Doing? SN engaged a specialized cybersecurity firm to conduct an investigation of the incident. Since the incident, SN has continued to strengthen their security posture. Additionally, we have also obtained complimentary credit monitoring for all affected individuals. We encourage you to take advantage of the complimentary credit monitoring services.
What You Can Do. SN encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Additional steps individuals can take are provided in the below "Steps You Can Take to Protect Personal Information."
For More Information. SN sincerely regrets any inconvenience that this incident may cause to its clients and remains dedicated to protecting their information. If you have worked with SN and have any questions or concerns about this incident, please contact (855)-867-0891 between 8:00 a.m. and 5:00 p.m. Central Time.
Additional Important Information
For residents of Hawaii, Michigan, Missouri, Virginia, Vermont, and North Carolina: It is recommended by state law that you remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and monitoring your credit report for unauthorized activity.
For residents of Illinois, Iowa, Maryland, Missouri, North Carolina, Oregon, and West Virginia:
For residents of Iowa:
For residents of Oregon:
For residents of Maryland, Rhode Island, Illinois, New York, and North Carolina:
For residents of Massachusetts: It is required by state law that you are informed of your right to obtain a police report if you are a victim of identity theft
For residents of all states:
Fraud Alerts: You can place fraud alerts with the three credit bureaus by phone and online with Equifax (https://assets.equifax.com/assets/personal/Fraud_Alert_Request_Form.pdf); TransUnion (https://www.transunion.com/fraud-alerts); or Experian (https://www.experian.com/fraud/center.html). A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. As of September 21, 2018, initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years. The phone numbers for all three credit bureaus are at the bottom of this page.
Monitoring: You should always remain vigilant and monitor your accounts for suspicious or unusual activity.
Security Freeze: You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse or a minor under the age of 16, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. As of September 21, 2018, it is free to place, lift, or remove a security freeze. You may also place a security freeze for children under the age of 16. You may obtain a free security freeze by contacting any one or more of the following national consumer reporting agencies:
Equifax Security Freeze
Experian Security Freeze
More information can also be obtained by contacting the Federal Trade Commission listed above.
SOURCE SN Servicing Corporation
How to Manage and Migrate Legacy Systems
Raising the Bar for IoT Security with the Matter Standards
IT and OT: Are We at the Point of DÃ©tente?