December 2017
Company Name: Department of Homeland Security
Date of Incident: May 10, 2017
Date Public Notified: December 28, 2017
Data Accessed: Names, Social Security numbers, dates of birth, positions, grades, duty stations, alien registration numbers, email addresses, phone numbers and addresses.
Who is Affected: Approximately 246,167 current (and former) federal government employees who were employed directly by DHS during 2014, as well as subjects, witnesses, and complainants who were both DHS employees and non-DHS employees. The number of Wisconsin residents who were impacted is unknown.
Details: On Wednesday, May 10, 2017, as part of an ongoing criminal investigation conducted by the Department of Homeland Security (DHS) Office of the Inspector General (OIG) and the U.S. Attorney’s Office, DHS OIG discovered an unauthorized copy of its investigative case management system in the possession of a former DHS OIG employee. The compromised information included names, Social Security numbers, dates of birth, positions, grades, duty stations, alien registration numbers, email addresses, phone numbers and addresses contained in the DHS OIG case management system.
DHS is working to protect the information of affected employees and prevent similar incidents from occurring in the future. DHS OIG has implemented a number of security precautions to further secure the DHS OIG network, and is providing AllClear ID protection services to affected individuals for 18 months at no cost.
Affected individuals may contact AllClear ID at (855) 260-2767 and a dedicated investigator will assist with any questions or issues.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Village of Nashotah
Date of Incident: November 20, 2017
Date Public Notified: December 8, 2017
Data Accessed: Names, addresses, dates of birth and driver’s license numbers.
Who is Affected: Between 980 and 1000 Wisconsin residents who were registered voters with the Village of Nashotah.
Details: On Monday, November 20, 2017, the Village of Nashotah’s computer system was infected with ransomware, which may have exposed the personal information of village residents listed on the voter registration rolls. The voter registration rolls include the voter’s name, address, date of birth and driver’s license number. The voter registration rolls do not include the voter’s Social Security numbers or any credit card information.
Upon learning of the incident, the Village of Nashotah immediately notified law enforcement officials who launched a criminal investigation, and computer specialists to halt further damage. The Village of Nashotah also notified the three nationwide consumer reporting agencies. The Village is working with two IT firms to develop additional measures that can help prevent this type of incident from happening again.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
November 2017
Company Name: Medical College of Wisconsin
Date of Incident: Between July 21 and July 28, 2017
Date Public Notified: November 17, 2017
Data Accessed: Patients’ names, home addresses, dates of birth, medical record numbers, health insurance information, date(s) of service, surgical information, diagnosis/condition, and/or treatment information. A limited number of Social Security numbers and bank account information.
Who is Affected: 7,289 Wisconsin residents who were patients of the Medical College of Wisconsin during the time of the breach.
Details: Between July 21 and July 28, 2017, the Medical College of Wisconsin (MCW) learned that a small number of faculty and staff were victims of a spear phishing attack on their email system. An unauthorized third party accessed a limited number of email accounts that contained patients’ protected health information. The compromised information included patients’ names, home addresses, dates of birth, medical record numbers, health insurance information, date(s) of service, surgical information, diagnosis/condition, and/or treatment information. Social Security numbers and bank account information for a very small number of patients were also contained within the affected email accounts.
Upon discovering the issue, MCW promptly disabled the impacted email accounts, required password changes, and commenced an investigation with a computer forensic firm to analyze the extent of any compromise to the email accounts and the security of the emails and attachments contained within them. MCW is offering credit monitoring and identity theft restoration services to those individuals whose Social Security numbers were potentially compromised.
The Medical College of Wisconsin has established a call center for patients at 1-844-666-7416, to answer additional questions.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Saris Cycling Group
Date of Incident: October 18, 2017
Date Public Notified: November 15, 2017
Data Accessed: Names, addresses and Social Security numbers.
Who is Affected: An unknown number of Wisconsin residents who are current or former employees of Saris Cycling Group.
Details: On Wednesday, October 18, 2017, Saris discovered that they had become the target of a phishing email campaign and that an employee had clicked on phishing emails and entered their credentials. An unknown actor gained access to an employee’s email account containing names, addresses and Social Security numbers.
Upon learning of the incident, Saris immediately took steps to secure the employee’s email account and launched an in-depth forensic investigation to determine whether any sensitive information was accessed or acquired. Additionally, Saris is providing free credit monitoring through Kroll to all of those affected by the breach.
Saris has established a dedicated hotline through Kroll at 1-866-599-4455 between 9:00 am and 6:00 pm ET, Monday through Friday, excluding major holidays, to answer additional questions.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Uber Technologies Inc.
Date of Incident: October 2016
Date Public Notified: November 22, 2017
Data Accessed: Names, phone numbers, email addresses and, in some cases, driver license numbers.
Who is Affected: 2,703 Wisconsin residents who were employees of Uber during the time of the breach.
Details: Uber disclosed on Tuesday, November 21st that hackers had stolen 57 million driver and rider accounts. The hackers stole information from an Amazon Web Services account that housed data about the company’s riders and drivers. The driver’s license numbers of 2,703 Uber employees in Wisconsin were compromised. Additionally, names, phone numbers and email addresses of Uber clients were compromised.
At the time of the incident, Uber took immediate steps to secure the data and shut down further unauthorized access by the individuals. Uber also implemented security measures to restrict access to and strengthen controls on their cloud-based storage accounts. Uber has hired the cybersecurity firm, Mandiant, to investigate the hack.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
October 2017
Company Name: Home Box Office, Inc. (HBO)
Date of Incident: May 15, 2017
Date Public Notified: October 31, 2017
Data Accessed: Social Security numbers.
Who is Affected: Three Wisconsin residents who were customers of HBO during the time of the breach.
Details: In late July 2017, HBO became aware of an incident in which an unauthorized third party claimed to have accessed HBO’s information technology network. The intruder illegally accessed HBO’s network, including the personally identifiable information of customers. The compromised data included customer Social Security numbers.
Upon learning of the breach, HBO responded immediately and is currently cooperating with law enforcement. HBO is working to decrease the chance of a similar occurrence in the future, including implementing additional security measures, internal controls, and safeguards. Additionally, HBO is offering 12 months of free identity theft prevention and mitigation services from AllClear ID.
HBO has established an identity repair assistance line at 1-855-742-6218 through AllClear ID, to address questions Monday through Saturday, 8 a.m. to 8 p.m. Central Time. You may also email AllClear ID’s support center at support@allclearid.com.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Kimberly-Clark
Date of Incident: October 18, 2017
Date Public Notified: October 30, 2017
Data Accessed: Name, date of birth, e-mail address, and child name and date of birth (if provided).
Who is Affected: 500 Wisconsin residents who had Kimberly-Clark brand online accounts during the time of the breach.
Details: On Friday, October 20th, 2017, Kimberly-Clark identified an organized unauthorized attempt to access registered accounts on their website application. The account profile information that was potentially exposed includes name, date of birth, e-mail address, and child name and date of birth (if provided). No financial information or Social Security numbers were compromised.
Upon learning of the breach, Kimberly-Clark took immediate action to block the unauthorized access. Kimberly-Clark is conducting maintenance work on the Huggies Rewards app, and locked all Kimberly-Clark user accounts between October 20, 2017 and October 25, 2017. Kimberly-Clark required all affected consumers to reset their passwords.
For more information on Huggies Rewards contact Kimberly-Clark at support@huggiesrewards.zendesk.com. For questions on all other brands, please visit http://www.kimberly-clark.com/contact-us.aspx or 1-888-525-8388.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Beer Capitol Distributing
Date of Incident: October 5, 2017
Date Public Notified: October 13, 2017
Data Accessed: W-2 statement including name, address, Social Security number, and wages.
Who is Affected: 475 current and former employees of Beer Capitol Distributing who received a W-2 for 2016.
Details: On Thursday, October 5, 2017, Beer Capitol Distributing was the target of a criminal email phishing scam. The company received a fraudulent email from an imposter who was posing as an executive of the company. As a result of the cyber scam, the personal information of current and former employees of Beer Capitol Distributing, including name, address, Social Security number, and wages earned during the reporting period, was compromised.
Upon learning of the incident, Beer Capitol Distributing immediately began an investigation with the assistance of a forensic IT consulting firm and law enforcement agencies. Beer Capitol Distributing has notified the FBI, the Internal Revenue Service and the Wisconsin Department of Revenue so that they are aware of the possibility of the filing of fraudulent tax returns based on the disclosed information. Beer Capitol Distributing is also offering Experian identity and credit protection and restoration services at no cost to affected individuals.
Employees with additional concerns or questions may contact Beer Capitol Distributing directly by directing inquiries to Karen Garlock at 262-932-2346 or Karen.garlock@beercapitol.com.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Whole Foods Market
Date of Incident: September 28, 2017
Date Public Notified: October 3, 2017
Data Accessed: Credit and debit card data.
Who is Affected: An unknown number of Wisconsin residents who made a purchase with their debit or credit cards at Whole Foods Market in Wauwatosa, WI during the time of the breach.
Details: On Thursday, September 28, Whole Foods Market discovered unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected.
Upon learning of the incident, Whole Foods Market launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue. Whole Foods Market is conducting an ongoing investigation and will provide updates as more information is acquired.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Sonic Drive-In
Date of Incident: September 27, 2017
Date Public Notified: October 3, 2017
Data Accessed: Credit and debit card data.
Who is Affected: An unknown number of Wisconsin residents who made a purchase with their debit or credit card at a Sonic restaurant during the time of the breach.
Details: On Wednesday, September 27, Sonic Drive-In discovered that credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced at certain Sonic Drive-In locations.
Upon learning of the incident, Sonic immediately contacted law enforcement and began working with experienced third-party forensics firms to help in the investigation of the data breach. Sonic is offering affected customers 24 months of free fraud detection and identity theft protection through Experian’s IdentityWorks program.
Sonic has set up a hotline that affected consumers may contact with additional questions at 877-534-7032.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
September 2017
Company Name: Briggs & Stratton
Date of Incident: July 25-28, 2017
Date Public Notified: September 29, 2017
Data Accessed: Name, address, phone number, email address, account login credentials, employee ID, state ID number, driver’s license number, ITIN number, medical and health insurance information, passport number, date of birth and Social Security number.
Who is Affected: An unknown number of Wisconsin residents who are current or former employees of Briggs & Stratton or health care dependents and insurance beneficiaries of those employees.
Details: On Tuesday, July 25, 2017, Briggs & Stratton discovered a malware attack on the computer systems at their Milwaukee, WI and Munnsville, NY locations. The potentially compromised information included name, address, phone number, email address, account login credentials, employee ID, state ID number, driver’s license number, ITIN number, medical and health insurance information, passport number, date of birth and Social Security number.
Upon learning of the incident, Briggs & Stratton immediately notified the FBI, the Department of Homeland Security and the Wisconsin Department of Justice. Briggs & Stratton has hired forensic consultants to eradicate the malware. Additionally, Briggs & Stratton is offering one year of free credit monitoring to all affected individuals.
Briggs & Stratton has established a dedicated incident response line at 1-888-396-9514 to answer additional questions. Affected individuals may also visit https://www.basco.com.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Network Health
Date of Incident: Early August
Date Public Notified: September 22, 2017
Data Accessed: Member names and IDs, provider information, addresses, phone numbers and dates of birth.
Who is Affected: 51,232 members of Network Health.
Details: In early August, two Network Health staff members were identified as the victims of a sophisticated email phishing attack by an unauthorized party which resulted in the potential exposure of their company emails. The potentially exposed information includes member names and IDs, provider information, addresses, phone numbers and dates of birth.
Upon discovering the attack, Network Health took prompt action to secure the affected email accounts, to contain the impact and prevent further threats from the intruder. A forensic security expert was engaged to assess the attack and federal law enforcement officials were notified and are investigating the matter. Additionally, Network Health is offering one year of free identity theft protection and monitoring to affected individuals.
Network Health has established a dedicated call center at 855-609-5849 to answer any questions regarding the incident.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Equifax
Date of Incident: Between mid-May and July 29, 2017
Date Public Notified: September 7, 2017
Data Accessed: Names, Social Security numbers, birth dates, addresses, some credit card numbers and the numbers of some driver's licenses.
Who is Affected: As many as 145.5 million U.S. consumers (updated from 143 million on 10/3/17).
Details: On Thursday, September 7th, Equifax discovered a cybersecurity incident that exploited a U.S. website application vulnerability to gain access to certain files. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. There is no evidence of unauthorized access to core consumer or commercial credit reporting databases.
Upon learning of the incident, Equifax hired an independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax is conducting an ongoing investigation and is working with law enforcement and authorities. Additionally, Equifax is offering free credit monitoring through TrustedID Premier to all U.S. consumers. Consumers can log into www.equifaxsecurity2017.com to determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. Equifax is working with a leading cybersecurity firm to help prevent this type of incident from happening again.
Equifax has established a dedicated call center at 866-447-7559, to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern Time.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
August 2017
Company Name: Fiduciary Management, Inc.
Date of Incident: August 7, 2017
Date Public Notified: August 17, 2017
Data Accessed: Name, organization or trust name, Social Security number or Taxpayer Identification number, and custodial bank or brokerage account number.
Who is Affected: 966 Wisconsin residents who had accounts with Fiduciary Management, Inc. were potentially impacted.
Details: On Monday, August 7, 2017, Fiduciary Management Inc. discovered that the email account of one of their employees was subject to unauthorized access. Compromised information included names, organization or trust’s names, Social Security numbers or Taxpayer Identification numbers, and custodial bank or brokerage account numbers.
Upon learning of the incident, Fiduciary Management Inc. immediately terminated the unauthorized access, began an investigation with the assistance of a third party forensic investigator and reported the incident to the police. Fiduciary Management Inc. is reviewing their data security policies, procedures and staff privacy training, as well as identifying potential improvements to existing security to reduce the risk of a similar incident occurring in the future. Additionally, Fiduciary Management Inc. is offering two years of credit monitoring and identity restoration services from Experian.
For additional questions, affected consumers should contact President John Brandser at 414-226-4545.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Native Canada Footwear Ltd.
Date of Incident: Between April 2015 and June 23, 2017
Date Public Notified: August 16, 2017
Data Accessed: Customer name, address, email, telephone number and credit or debit card information.
Who is Affected: 148 Wisconsin residents who made Visa or MasterCard purchases through the Native Shoes website during the time of the breach.
Details: On Friday, June 23, 2017, Native Shoes became aware of a potential vulnerability in the security of its website. Native Shoes learned that malware infected the Native Shoes website as early as April 2015 and resided in the website until the system was taken offline on June 23, 2017. The compromised information included customer names, addresses, emails, telephone numbers and credit or debit card information.
Upon learning of the incident, Native Shoes immediately took the system offline and hired well-respected forensics firms to conduct a full investigation into what had happened. Native Shoes is conducting a thorough review of its electronic systems, including those not involved in this incident. Additionally, Native Shoes is offering consumers a year of free credit monitoring services.
Native Shoes has launched a dedicated website, at https://www.nativeshoes.com/08-08-17/breach-help, and a dedicated telephone hotline, at (866) 685-6159, to answer customers’ questions about this incident.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
July 2017
Company Name: Anthem, Inc./Launchpoint Ventures
Date of Incident: April 12, 2017
Date Public Notified: July 24, 2017
Data Accessed: Medicare ID numbers (which include a Social Security number), health plan ID numbers (HCID), Medicare contract numbers, dates of enrollment, and a limited number of last names and birthdates.
Who is Affected: 223 Wisconsin residents who were Medicare beneficiaries that had a Medicare Advantage plan.
Details: On April 12, 2017, Anthem’s Medicare insurance coordination services vendor, LaunchPoint, learned an employee was likely involved in identity theft-related activities. LaunchPoint found that the employee emailed a file with protected health information (PHI) to his personal email address on July 8, 2016. The personal information that was compromised included Medicare ID numbers (which include a Social Security number), health plan ID numbers (HCID), Medicare contract numbers, dates of enrollment and a limited number of last names and birthdates.
Upon learning of the incident, LaunchPoint terminated the employee, hired a forensic expert to investigate, and is working with law enforcement. The employee is in prison and is under investigation by law enforcement for matters unrelated to the emailed Anthem file. LaunchPoint is also offering affected members two years of credit monitoring and identity theft restoration services with AllClear ID at no cost.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Dow Jones & Company
Date of Incident: May 30, 2017
Date Public Notified: July 16, 2017
Data Accessed: Names, addresses, account information, email addresses, and last four digits of credit card.
Who is Affected: An unknown number of Wisconsin residents who were customers of Dow Jones & Company during the time of the breach.
Details: On May 30th, 2017, Dow Jones & Company discovered that their cloud-based file repository was configured to allow semi-public access to the sensitive personal and financial details of millions of the company’s customers. The exposed data included the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron's. The details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations, were also exposed.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Verizon
Date of Incident: June 13, 2017
Date Public Notified: July 12, 2017
Data Accessed: Customer name, account PIN numbers, and a limited number of cell phone numbers.
Who is Affected: An unknown number of Wisconsin residents who had accounts with Verizon during the time of the breach.
Details: Verizon recently discovered that an employee of a third party vendor put information into a cloud storage area and incorrectly set the storage to allow external access. The compromised data included customer names, account PIN numbers, and a limited number of cell phone numbers. Verizon confirmed that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher.
Verizon was alerted to the incident on June 13th, and the leak was closed on June 22. Customers are encouraged to update their PIN number, and never use the same PIN twice.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: QBE North America
Date of Incident: May 31, 2017
Date Public Notified: July 5, 2017
Data Accessed: Login credentials.
Who is Affected: 3 Wisconsin residents who are current and former employees of QBE North America.
Details: On Wednesday, May 31, 2017, QBE North America was the victim of a phishing attack that targeted employee email accounts. The suspicious activity was reported by one of the victims on June 1, 2017. The compromised information included employee login credentials. An investigation concluded that credentials were obtained from five email accounts, and a successful attempt to access the mailboxes was made from Lagos, Nigeria.
QBE is conducting an ongoing investigation and has taken steps to contain the incident and further understand its impact. The employees who accessed the phishing site have been identified and have had their passwords reset. QBE is continuing their efforts to inform and educate users of phishing techniques and train employees on how to properly identify and react to suspicious email behavior.
Additional questions or concerns in regards to the data breach may be directed towards Jennifer Vernon, Privacy Official for QBE North America at 608-825-5827.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
June 2017
Company Name: Community Link, Inc.
Date of Incident: May 31, 2017
Date Public Notified: June 30, 2017
Data Accessed: First name, last name, Social Security number.
Who is Affected: 5,500 Wisconsin residents who were members of Community Link, Inc. during the time of the breach.
Details: On Wednesday, May 3, 2017, Community Link, Inc. discovered that an unauthorized party gained access to an employee work email account. An email in the employee’s account contained a limited number of members’ information, including member names, Social Security numbers, and member identification numbers, which are Social Security numbers.
Upon learning of the incident, Community Link immediately locked down the email account and began an investigation. Community Link is offering one free year of Experian’s ProtectMyId Alert. Community Link is implementing additional security measures for the access of email accounts, use of mobile devices, additional password protection and training for staff on privacy and security policies and procedures.
For additional questions or concerns in regards to the data breach, please contact 1-855-878-8555 between 8:00am and 5:00pm Central time Monday through Friday.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: U.S. Cellular
Date of Incident: April 2017
Date Public Notified: June 22, 2017
Data Accessed: Username and password, Social Security number, name, address and cellular telephone number.
Who is Affected: An unknown number of Wisconsin residents who had accounts with U.S. Cellular during the time of the breach.
Details: U.S. Cellular recently discovered unusual activity on their My account login system. The attack indicated that hackers obtained user names and passwords from a third-party source to access U.S. Cellular accounts. Compromised information included user name and password, Social Security number, name, address and cellular telephone number.
Upon learning of the incident, U.S. Cellular expired current passwords and disabled accounts of former customers. U.S. Cellular also introduced additional technical controls to protect My account from unauthorized access. Additionally, U.S. Cellular reported the incident to law enforcement as well as certain state agencies. Finally, U.S. Cellular is offering 12 months of free credit monitoring services through Equifax Credit Watch Gold.
Contact the customer service department of U.S. Cellular at 1-888-944-9400 to change your PIN.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Bed Bath & Beyond
Date of Incident: May 26, 2017
Date Public Notified: June 18, 2017
Data Accessed: Username and password.
Who is Affected: Potentially 35 Wisconsin residents who have online accounts with Bed Bath & Beyond.
Details: Bed Bath & Beyond recently discovered suspicious website activity. An unauthorized individual was attempting to log in to Bed Bath & Beyond accounts by guessing commonly used passwords or by obtaining usernames and passwords from another source. The compromised information included usernames and passwords of online account holders.
Upon learning of the incident, Bed Bath & Beyond promptly investigated the suspicious activity. Bed Bath & Beyond then blocked the source of the unauthorized logins from any future access. For additional protection, Bed Bath & Beyond also locked all affected accounts, disabled passwords and will require new passwords for future account access.
For more information about this incident, or for additional questions or concerns about this incident, affected consumers may contact Bed Bath & Beyond at 1-844-268-5469.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
May 2017
Company Name: Allrecipes.com
Date of Incident: Prior to June 2013
Date Public Notified: May 25, 2017
Data Accessed: Email addresses and passwords.
Who is Affected: An unknown number of Wisconsin residents who were registered members of Allrecipes.com during the time of the breach.
Details: Allrecipes.com recently determined that the email address and password typed into allrecipes.com by members when they created or logged into their accounts prior to June 2013 may have been intercepted by an unauthorized third party. The compromised information included email addresses and allrecipes.com passwords created prior to June 2013.
Allrecipes.com recommends that all members who registered or logged into allrecipes.com prior to June 2013 promptly change their password. Allrecipes.com is taking other steps as well and will continue to work diligently to deter unauthorized activity.
For additional questions about this matter, consumers may visit the website at http://allrecipes.com/.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: UW Health
Date of Incident: March 16, 2017
Date Public Notified: May 25, 2017
Data Accessed: Patient's name; address; date of birth; date of service; provider's name; reason for visit; medical history and conditions; medications; diagnostic results; and/or social history.
Who is Affected: 2,036 Wisconsin residents who were patients of UW Health.
Details: On Tuesday, March 28, 2017, UW Health became aware that patient information was compromised after an employee's email account was used by an unauthorized user. The compromised information included patient’s name, address, date of birth, date of service, provider’s name, reason for visit, medical history and conditions, medications, diagnostic results and/or social history. UW Health says patients’ medical records, Social Security numbers, credit card numbers, health insurance numbers, or other financial information were not included in the emails.
Upon learning of the incident, UW Health says they immediately started an investigation and disabled the account and password.
UW Health has established a call center to answer questions. If you feel you may be impacted and did not get a letter by June 8, or have questions about this incident, call 1-888-742-9174 Monday through Friday between 1 a.m. and 8 p.m. Central Time.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: BMO Harris Bank
Date of Incident: May 15, 2017
Date Public Notified: May 24, 2017
Data Accessed: Names, addresses, last four digits of the Social Security numbers, account numbers, IRA contributions for 2016, and Fair Market Value of the IRA.
Who is Affected: 13,581 Wisconsin residents who had accounts with BMO Harris Bank during the time of the breach.
Details: On Monday, May 15, 2017, BMO Harris Bank discovered an error in the production of 2016 IRS Form 5498 for BMO Harris Bank IRA accounts through which some customers received their own Form 5498 along with another customer’s Form 5498, while other customers did not receive any form. The compromised information included name, address, the last four digits of the Social Security number, account number, IRA contributions for 2016, and Fair Market Value of the IRA as of December 31, 2016.
Upon learning of the incident, BMO Harris has made every effort to ensure forms received in error were destroyed or returned to the Bank, and customers who did not receive their form will receive it by mail no later than May 31, 2017. Additionally, BMO Harris is offering one free year of identity theft protection and credit monitoring to impacted customers.
For more information about this incident, or for additional questions or concerns, affected consumers may contact BMO Harris Bank directly at (202) 257-2762 or phank@ballardspahr.com.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Capital First Trust Company
Date of Incident: March 7, 2017
Date Public Notified: May 15, 2017
Data Accessed: User email accounts; shared files; names; addresses; account numbers; driver's license numbers; and Social Security numbers.
Who is Affected: 16 Wisconsin residents who had online accounts with Capital First Trust Company.
Details: On March 7, 2017, Capital First Trust detected suspicious activity related to Capital First's online accounts. Capital First began an internal investigation and, on April 7, 2017, confirmed that an unauthorized user had gained access to Capital First user accounts. Compromised information included email accounts, shared files, names, addresses, account numbers, driver's license numbers, and Social Security numbers.
Upon learning of the incident, Capital First began working with a computer forensics company to further enhance security, including adding new, stronger password and encryption measures to its systems. Capital First will offer 12 months of credit monitoring and identity theft protection through Kroll to its clients at no cost.
Capital First remains dedicated to protecting the sensitive information of its systems. For questions or additional information, please do not hesitate to contact MVentrone@ThompsonCoburn.com or (312) 580-2219.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Kuru
Date of Incident: Between December 20, 2016 and March 3, 2017
Date Public Notified: May 15, 2017
Data Accessed: Cardholder's name, address, card number, expiration date and CVV.
Who is Affected: An unknown number of Wisconsin residents who made a purchase at Kuru’s online website during the time of the breach.
Details: On Thursday, February 22, 2017 Kuru discovered that they were the victim of a sophisticated cyber-attack that resulted in the potential compromise of customer debit and credit card data used at www.kurufootwear.com. The compromised information included cardholder’s name, address, card number, expiration date and CVV.
Upon learning of the incident, Kuru immediately began to work with third-party forensic experts to investigate and implement procedures to further protect customer credit and debit card information. Kuru removed the malware to prevent additional unauthorized access. The FBI is conducting an ongoing investigation, and Kuru continues to work with third-party forensic investigators as well as law enforcement to ensure the security of their systems. At this time consumers can safely use their payment cards on the website.
Kuru has established a dedicated assistance line at 888-738-0532 to answer any additional questions about the incident.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Brooks Brothers
Date of Incident: Between April 4, 2016 and March 1, 2017
Date Public Notified: May 12, 2017
Data Accessed: Payment card data including name, payment card account number, card expiration date, and card verification code.
Who is Affected: An unknown number of Wisconsin residents were affected by the breach. Three Brooks Brothers locations were affected in Wisconsin. They are located in Glendale, Pleasant Prairie, and Oshkosh.
Details: Brooks Brothers was recently alerted that an unauthorized individual was able to gain access to and install malicious software designed to capture payment card information on some of their payment processing systems at retail and outlet locations. The compromised information included name, payment card account number, card expiration date, and card verification code. The incident did not affect Social Security numbers, customer addresses, or any other sensitive personal information.
Upon learning of the incident, Brooks Brothers took immediate action including initiating an internal review, engaging independent forensic experts to assist in the investigation, remediation of their systems and alerting law enforcement. Brooks Brothers continues to review and enhance their security measures and confirms that this issue has been resolved and is no longer impacting transactions.
For more information about this incident, or for additional questions or concerns about this incident, affected consumers may contact Brooks Brothers directly at 888-735-5927.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
April 2017
Company Name: Chipotle
Date of Incident: Between March 24th, 2017 and April 18th, 2017
Date Public Notified: April 25, 2017
Data Accessed: Credit and debit card data.
Who is Affected: An unknown number of Wisconsin residents who made a purchase with their debit or credit card at a Chipotle restaurant during the time of the breach.
Details: Chipotle recently detected unauthorized activity on their network that supports payment processing for purchases made in Chipotle restaurants. Potentially compromised personal information includes credit and debit card numbers.
Upon learning of the incident, Chipotle immediately began an investigation with the help of leading cyber security firms, law enforcement, and their payment processor. Chipotle has taken steps to stop the unauthorized activity, and has implemented additional security enhancements. Chipotle is conducting an ongoing investigation, and will provide further notification to any affected customers as they obtain clarity about the specific timeframes and restaurant locations that may have been affected.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Payless Décor LLC
Date of Incident: March 31, 2016 - December 9, 2016
Date Public Notified: April 10, 2017
Data Accessed: Payment card data.
Who is Affected: 122 Wisconsin residents who had customer accounts with Payless Décor LLC.
Details: From March 31, 2016, through December 9, 2016, there was illegal and unauthorized access to customer account information. An unauthorized individual may have used the Internet to gain access to customer payment card data. No CVV information associated with payment cards was accessed.
Upon initial discovery of the breach, the Payless Décor LLC platform provider immediately disabled the ability of the altered code to capture payment card and other data, quarantined malicious files it discovered, created alerts to detect and block traffic from suspicious IP addresses and changed administrative passwords. Payless Décor LLC is implementing additional internal controls and safeguards to prevent a recurrence of such an attack.
For further information and assistance, consumers may contact Seth Roseman or Jennifer Lord at 800-925-4635 at Payless Décor LLC.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: GameStop
Date of Incident: Mid-September 2016 - February 2017
Date Public Notified: April 7, 2017
Data Accessed: Customer card number, expiration date, name, address and card verification value (CVV).
Who is Affected: An unknown number of Wisconsin residents who made a purchase with a payment card on the GameStop.com website during the time of the breach.
Details: GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. The compromised personal information may include customer card numbers, expiration dates, names, addresses and card verification values (CVV).
Upon initial discovery of the breach, GameStop hired a leading security firm to investigate. GameStop has and will continue to work non-stop to address the data breach and take appropriate measures to eradicate any issue that may be identified.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
March 2017
Company Name: Toole Design Group LLC
Date of Incident: March 28, 2017
Date Public Notified: March 29, 2017
Data Accessed: W-2 information including name, address, Social Security number and earnings information for 2016.
Who is Affected: 8 Wisconsin residents who are current and former employees of Toole Design Group LLC and received a W-2 for 2016.
Details: On Tuesday, March 28, 2017 Toole Design Group LLC was the target of a phishing email scam, which asked an employee to forward 2016 W-2 information to a fraudulent email address. The compromised information included employees’ names, addresses, Social Security numbers and earning information for 2016.
Upon learning of the incident, Toole Design Group LLC took all of the necessary steps to address the incident and to prevent it from happening again. Toole Design Group LLC is offering a 36-month membership to EXPERIAN IDENTITYWORKS for all affected employees.
If employees have any additional questions, they may contact Eric, RJ or Jennifer Toole at 301-927-1900, or by email.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Metropolitan Urology Group
Date of Incident: November 28, 2016
Date Public Notified: March 10, 2017
Data Accessed: Patient first and last name, procedure codes, dates of service, patient account number or patient control number, provider identification number and Social Security number in some cases.
Who is Affected: An unknown number of Wisconsin residents who were patients of Metropolitan Urology Group between 2003 and 2010.
Details: On Tuesday, January 10, 2017, Metropolitan Urology Group was made aware that a ransomware attack that occurred on November 28, 2016 exposed certain patient health information to the hackers who infected two servers with the ransomware virus. The compromised information included patient first and last name, procedure codes, dates of service, patient account number or patient control number, and provider identification number. Less than five patients also had their Social Security numbers exposed.
Metropolitan Urology Group has been working with a premier, international information technology firm to remove the ransomware virus and is taking steps to ensure that such attacks never occur again. Information technology vendor, Digicorp, will be working with Metropolitan Urology Group to provide training on information security.
Metropolitan Urology Group has established a hotline for patients to call, 1-844-856-0331, between 9 am and 9 pm, Monday through Friday, Eastern Standard Time, to answer additional questions.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: prAna
Date of Incident: December 14, 2016 to February 6, 2017
Date Public Notified: March 8, 2017
Data Accessed: Customer name, address, phone number, email address, payment card number, expiration date and security code (CVV), username and website account password.
Who is Affected: 7,569 Wisconsin residents who used prAna’s e-commerce website between December 14, 2016 and February 6, 2017.
Details: On Tuesday, February 6, 2017 prAna detected that an unauthorized third party may have obtained access to the servers that operate its e-commerce website, www.prana.com. An unauthorized third party installed code that was designed to capture information as it was being entered on the site during the checkout process between December 14, 2016 and February 6, 2017. The compromised information included customer name, address, phone number, email address, payment card number, expiration date and security code (CVV), username and account password for the website.
Upon learning of the incident, prAna quickly began an investigation and hired a leading cybersecurity firm to investigate and remediate the website. PrAna also notified the FBI, which is conducting an ongoing investigation. PrAna is requiring users to change their account passwords, and continues to strengthen the security of its e-commerce website.
PrAna has established a toll free number to contact at 1-844-685-5625, Monday through Friday from 9am to 9pm for additional questions.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: QualiChem Inc.
Date of Incident: February 13, 2017
Date Public Notified: March 7, 2017
Data Accessed: 2016 W-2 information.
Who is Affected: 1 Wisconsin resident who is an employee of QualiChem Inc. and received a W-2 for 2016.
Details: On Monday, February 13, 2017 an employee of QualiChem Inc. fell victim to a fraudulent email phishing scheme requesting W-2 wage information. The QualiChem employee sent the W-2 information of QualiChem’s approximately 84 employees. QualiChem did not learn of the incident until March 6, 2017 when fraudulent tax returns were filed.
Upon learning of the incident, QualiChem Inc. immediately took steps to notify law enforcement and the IRS. QualiChem Inc. is planning to work with the FBI to bring the perpetrators to justice.
If employees have any additional questions or need assistance, they may contact Buddy Hill, QualiChem CFO at 540-375-6700 x 1027 or email jhill@qualichem.com.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Science Mobile LLC, DBA the Wishbone App
Date of Incident: August 2014
Date Public Notified: March 14, 2017
Data Accessed: User names, email addresses, telephone numbers and dates of birth.
Who is Affected: 46 Wisconsin residents who have accounts with the Wishbone app.
Details: On March 14, 2017 Wishbone became aware that unknown individuals may have had access to an API without authorization and were able to obtain account information of its users. The information involved in the incident included Wishbone users’ user names, email addresses, and telephone numbers, and in certain cases, dates of birth. However, no passwords, user communications or financial account information were compromised in the incident.
Upon learning of the incident, Wishbone immediately acted to investigate and initiate precautionary measures. Although no passwords were compromised in the incident, users may wish to consider changing their password as a preventative measure.
Affected users may contact info@getwishboneapp.com with additional questions.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Dairy Management Inc.
Date of Incident: February 9, 2017
Date Public Notified: March 7, 2017
Data Accessed: W-2 information including name, address, Social Security number and current earnings.
Who is Affected: 3 Wisconsin residents who are current and former employees of Dairy Management Inc. and received a W-2 for 2016.
Details: On Thursday, February 9, 2017 Dairy Management Inc. was the target of a data breach involving employees’ W-2 information. Compromised information included employees’ names, addresses, Social Security numbers and current earnings. The breach was discovered when two employees attempted to electronically file their 2016 tax returns, and they were rejected by the IRS.
Upon learning of the incident, Dairy Management Inc. immediately reported the breach to the police, ADP, their bank and the IRS. Dairy Management Inc. will provide a credit monitoring service for each affected employee.
If employees have any additional questions, they may contact Bob Stone at bob.stone@dairy.org or 847-627-3231, or Bill Cusick at bill.cusick@dairy.org or call 847-627-3267.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
February 2017
Company Name: John Deere Financial
Date of Incident: January 24, 2017
Date Public Notified: February 23, 2017
Data Accessed: Name, Social Security number, John Deere financial account number and balance information.
Who is Affected: 2 Wisconsin residents with John Deere financial accounts.
Details: On January 24, 2017 an incident occurred in which John Deere Financial sent a misdirected email that included the personal information of clients. The compromised personal information included names, Social Security numbers, John Deere financial account numbers and balance information. John Deere is confident that no bank account information was disclosed and there is no evidence to suggest that the personal information was misused.
Upon learning of the incident, John Deere Financial immediately identified and notified the three unintended recipients to request that the information be destroyed. John Deere is conducting an ongoing investigation.
Any further questions related to the data breach incident may be directed to Aaron E. Swenson, Division Manager, Privacy at (608) 821-2266.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: InterMountain Management LLC
Date of Incident: February 3, 2017
Date Public Notified: February 21, 2017
Data Accessed: W-2 information including name, address, Social Security number and wage information.
Who is Affected: 124 Wisconsin residents who are current and former employees of InterMountain Management LLC and received a W-2 for 2016.
Details: On Friday, February 3, 2017 InterMountain Management LLC was the victim of an email spoofing attack by an individual pretending to be the owner of the company. A request was made for all 2016 W-2 forms prepared by InterMountain. The compromised information included employees’ names, addresses, Social Security numbers and wage information.
Upon learning of the incident, InterMountain Management LLC coordinated with the IRS and state tax authorities to better monitor for tax-related fraud against individuals impacted by this event. InterMountain Management LLC has arranged to provide AllClear ID identity protection services for 24 months free of cost to all affected employees.
If employees have any additional questions, they may contact the assistance line at 1-855-725-5775 (toll free), Monday through Saturday, 9:00 a.m. to 9:00 p.m. ET.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Cloudflare
Date of Incident: Between September 22, 2016 and February 18, 2017
Date Public Notified: February 17, 2017
Data Accessed: Encryption keys, cookies, passwords, private messages and other sensitive data.
Who is Affected: An unknown number of Wisconsin residents were affected by the breach.
Details: On February 17, 2017, Cloudflare -- a company that provides a content delivery network used by more than 5.5 million websites, along with Internet security services and distributed domain name server services -- accidentally leaked customers' personal and sensitive information for several months. An error in Cloudflare’s code caused user data, including encryption keys, cookies, passwords and private messages, from millions of affected domains to be randomly inserted into other public webpages.
Upon discovering the breach, an international team of engineers was able to stop the bug in Cloudflare’s code in less than 7 hours. Cloudflare disabled several new features that caused the problem to occur, but it took about a week for its team to fully fix the issue and then announce the breach to the public.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Premier Aluminum LLC and Watry Industries LLC
Date of Incident: February 16, 2017
Date Public Notified: February 17, 2017
Data Accessed: 2016 W-2 information, name, address, Social Security number and wage information.
Who is Affected: 495 Wisconsin residents who were employees of Premier Aluminum LLC or Watry Industries LLC and received a W-2 for 2016.
Details: On Thursday, February 16, 2017, Premier Aluminum LLC and Watry Industries LLC were the target of data theft. The information that was disclosed was a file containing 2016 W-2 forms, which included name, address, Social Security number and wage and associated information from calendar year 2016.
Upon learning of the incident, Premier Aluminum LLC and Watry Industries LLC took immediate action to investigate the incident thoroughly. Premier Aluminum LLC and Watry Industries LLC are in the process of revising policies and procedures and implementing a re-education program for staff who have access to personal information of employees, on how to spot scams and other attempts to impermissibly acquire personal information. The Companies will provide one year of the LifeLock Standard Identity protection package to all affected employees.
For further information, employees may contact Shelly Hewitt, HR Manager at 262-554-2100 x 111 or email shelly.hewitt@premieraluminum.com. Employees may also contact 262-554-2100 x 114 or email kathy.zdanowski@premieraluminum.com.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: TAB Products Co. LLC
Date of Incident: February 7, 2017
Date Public Notified: February 15, 2017
Data Accessed: Name, address, Social Security number and W-2 information.
Who is Affected: 96 Wisconsin residents who are current and former employees of TAB Products Co. LLC and received a W-2 for 2016.
Details: On Tuesday, February 7, 2017, TAB discovered that it had been the victim of an email phishing scam that led a TAB employee to inadvertently release to a third party certain 2016 W-2 forms of TAB employees. The phishing scam resulted in the disclosure of employee personal information, including names, addresses, Social Security numbers and W-2 information.
Upon learning of the incident, TAB hired experts to assist in the investigation and has been in contact with local law enforcement, the FBI and the Criminal Investigation Division of the IRS. TAB is offering free credit monitoring services through Equifax to all affected employees.
TAB has established a call center at 1-844-305-1930 that affected employees can contact Monday through Saturday from 8:00am to 8:00pm for further information.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Arby's
Date of Incident: Between October 25, 2016 and January 19, 2017
Date Public Notified: February 9, 2017
Data Accessed: Credit and debit card data.
Who is Affected: At this time it is undetermined whether Wisconsin residents were affected by the breach; however, there are four corporate locations in Wisconsin. They are located in Hudson, Menominee, Rice Lake and Superior.
Details: In mid-January, Arby’s first became aware of malicious software installed on payment card systems at hundreds of its restaurant locations nationwide resulting in thousands of compromised debit and credit card numbers. Arby’s said the breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.
Upon learning of the incident, Arby’s immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant, to conduct an ongoing investigation. The FBI requested that Arby’s delay notification due to the ongoing investigation. Arby’s took measures to contain the incident and eradicate the malware from systems at the impacted restaurants.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Dutchland Plastics
Date of Incident: February 2, 2017
Date Public Notified: February 2, 2017
Data Accessed: W-2 information including name, address, Social Security number, payroll and tax withholding information.
Who is Affected: 424 current and former employees of Dutchland Plastics who received a W-2 for 2017.
Details: On Thursday, February 2, 2017 Dutchland Plastics discovered that it was the victim of a phishing cyber-scam which resulted in a data breach. As a result of the phishing scam, the personal information of current and former employees of Dutchland Plastics, who received a W-2 for 2017, was compromised.
Upon learning of the incident, Dutchland Plastics launched an ongoing internal investigation and notified local and federal law enforcement. Additionally, Dutchland Plastics is conducting a thorough review of their security measures to prevent future incidents. Dutchland Plastics is offering a 12-month gold subscription through “Identity Guard” for all affected employees.
Additional questions or concerns in regards to the data breach may be directed towards Dutchland Plastics Human Resources Department at (920) 564-3633.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Dental Services Group
Date of Incident: January 30, 2017
Date Public Notified: February 1, 2017
Data Accessed: Name, address, Social Security number, wages and tax information.
Who is Affected: 32 Wisconsin residents who are current and former employees of Dental Services Group and received a W-2 for 2016.
Details: On January 30, 2017 an individual fraudulently posing as the CEO of Dental Services Group requested the 2016 W-2 forms of employees. The phishing scam resulted in the inadvertent disclosure of employee personal information, including names, addresses, Social Security numbers, wages and tax information.
The error was discovered within 30 minutes. Dental Services Group launched an investigation, notified the executive team and IT department and confirmed no other breaches occurred. Dental Services Group contacted the FBI and the IRS to flag employee files for security, and is currently revising the internal procedure for the transmission of personal information. Affected employees will be offered 24 months of the LifeLock Standard membership free of charge.
For additional information or assistance, please contact: Suzy Hansmann, VP of Human Resources at shansmann@dentalservices.net or (952) 345-6329.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
January 2017
Company Name: School District of Black River Falls
Date of Incident: January 18, 2017
Date Public Notified: January 19, 2017
Data Accessed: W-2 information including name, address, Social Security number, tax filing status and salary.
Who is Affected: 478 current and former employees of the School District of Black River Falls who received a W-2 for 2017.
Details: On January 18, 2017, the School District of Black River Falls was the target of a phishing scam that resulted in all staff W-2s being sent to an unknown source. A staff member received an email from someone posing as the district’s director of business services. As a result of the phishing scam, the personal information of current and former employees of the School District of Black River Falls, who received a W-2 for 2017, was compromised.
Upon learning of the incident, the School District of Black River Falls immediately notified local law enforcement and the FBI, who are conducting an ongoing investigation. The School District of Black River Falls is offering 24 months of free credit monitoring services through CyberScout.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.
***
Company Name: Barron Area School District
Date of Incident: January 18, 2017
Date Public Notified: January 19, 2017
Data Accessed: W-2 information including name, address, Social Security number and current earnings.
Who is Affected: 431 current and former employees of the Barron Area School District who received a W-2 for 2017.
Details: On January 18, 2017, a Barron Area School District employee was the target of an isolated email phishing scam. Identity thieves sent a fraudulent email requesting the W-2 information of district employees. As a result of the phishing scam, the personal information of current and former employees of the Barron Area School District, who received a W-2 for 2017, was compromised.
Upon learning of the incident, the Barron Area School District immediately notified local law enforcement and the FBI, who are conducting an ongoing investigation. The Barron Area School District is offering free credit monitoring services through MyIDTheft.
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.