When in doubt, notify. Even if you suspect that it may be a vendor and not your firm that’s been breached – particularly if it’s the FBI or Secret Service that comes knocking on your door to alert you that you may have been breached.
CICS Employment Services Inc is notifying an undisclosed number of individuals that their information may have been accessed without authorization. The firm provides investigative and background checks in Oregon.
I am writing to inform you of an incident that may affect the security of your personal information. We were recently notified by the Federal Bureau of Investigation (the FBI) that personal information we processed regarding an application you made for employment may have been accessed without authorization. This information included your name, address, date of birth and Social Security number. We do not know how or when the alleged unauthorized access may have occurred. The FBI’s forensic examinations of relevant portions of our computer network, database and third party storage provider revealed no evidence of any compromise. However, because of the credible nature of the alleged unauthorized access, we are taking the notification seriously and informing you. Out of an abundance of caution, and at our expense, credit monitoring services will be provided to you as explained below.
In addition to the FBI’s forensic examination, we launched our own investigation into this matter. We immediately engaged the services of an independent forensics investigation firm to determine whether CICS’ security had been compromised. The forensic examinations revealed no evidence that our network or database have been compromised. To ensure the security of all personally identifiable information (PII) in our database, however, and due to our concerns about it being a vendor related breach, we changed web hosts and have ensured that all PII contained in our network is encrypted and secure. The FBI’s investigation into this matter is ongoing, and we are providing any assistance they might need.
Read their full notification letter on the California Attorney General’s web site. The firm has not responded by publication time to an inquiry asking them how many individuals have been notified and if the FBI had any evidence that the information had been misused for identity theft.