Michigan Fitness Foundation notice concerning email hack in December, 2020
Notice seen on their web site:
The Michigan Fitness Foundation (“MFF”) is providing notice of a recent data incident that may affect the security of certain individuals’ information. While MFF is unaware of any actual or attempted misuse of the affected information relating to this incident, in an abundance of caution, MFF is providing notice of the incident, steps MFF is taking in response, and resources available to help the potentially affected individuals better protect their information, should they feel it is appropriate to do so.
On or about December 2, 2020, MFF discovered suspicious activity related to certain MFF email accounts. Upon discovery of the suspicious activity, MFF immediately took steps to secure the accounts and launched an investigation to determine the nature and scope of the activity. After a thorough investigation, MFF confirmed that unauthorized access to four (4) email accounts occurred on and was limited to December 2, 2020. While MFF cannot determine if any particular email or attachment was viewed, an unauthorized actor may have had access to certain emails and attachments within the accounts as a result of this activity. In an abundance of caution, a thorough, time-intensive review of the contents of the emails and attachments was done to determine if any personal information may have been accessible within the accounts and to whom that information might relate. On or about March 12, 2021, after a thorough review process, MFF determined personal information was contained within the impacted accounts.
What Information Was Involved? While the investigation found no evidence of actual or attempted misuse of information related to this incident, the review did determine that the information present in the affected email accounts may include certain personal information such as the following names, addresses, dates of birth, and Social Security numbers.
What We Are Doing. The privacy and security of information in MFF’s possession are among its highest priorities. MFF takes this incident very seriously and upon discovering this incident, MFF immediately secured the impacted email accounts and took steps to determine what information was in the accounts. As part of its ongoing commitment to the security of information in our care, MFF is reviewing its existing policies and procedures regarding information security and privacy. MFF has also provided notice of this event to state regulators, as required.
As an added precaution, MFF is offering certain potentially affected individuals complimentary access to 12 months of credit and identity monitoring services through TransUnion. Information on how to enroll in these services may be found in the notice letter mailed to the home address of potentially affected individuals.
What You Can Do. MFF encourages all potentially affected individuals to remain vigilant against potential incidents of identity theft and fraud by reviewing account statements and credit reports for suspicious activity. Potentially affected individuals can find out more about how to safeguard information in the section below titled Steps You Can Take to Protect Personal Information.
For More Information. MFF sincerely regrets any inconvenience or concern this incident may have caused. MFF understands potentially affected individuals may have questions about this incident that are not addressed in this notice. To ensure questions are answered in a timely manner, please call the dedicated information line at 877-209-9642, available Monday through Friday between 9 am to 9 pm Eastern Time. If you think you may be affected but did not receive a letter, please call the dedicated hotline.
Read the full notice on MichiganFitness.org’s web site.