SAN DIEGO, Sept. 4, 2015 /PRNewswire/ -- The Agent of
Change website is providing notice to website users about a recent
incident that may affect the security of certain personal
information.
What Happened? On August 24,
2015 we discovered a potential intrusion into our website
server. We quickly moved to investigate this issue. In
an abundance of caution, we took down the Agent of Change website
on August 26, 2015. Third-party
computer forensics experts were retained to assist with an
investigation into the nature and scope of any intrusion.
While the investigation is ongoing, it has been determined that
there was unauthorized access to certain personal information
relating to Agent of Change website users, including the user's
name, student ID number, email address (both the one provided
by the school and any email provided by the user upon
registering), the user's Agent of Change username, the user's Agent
of Change password, gender identity, race, ethnicity, age,
relationship status, sexual identity and the name of the user's
college or university.
What We Are Doing. In addition to taking down
the Agent of Change website and working with third-party computer
forensics, we have been working with our web developers to restore
the site in a secure manner. We have also notified all of our
affected clients about this incident and the steps we have taken
since discovering this incident.
What You Can Do. While we do not have any evidence
that the information related to the users of the Agent of Change
website has been misused, there are several steps users can take to
protect themselves. We will require that users change the
passwords associated with their Agent of Change account. We
strongly encourage users to change their passwords for other
accounts if their Agent of Change password is used elsewhere.
Best practices for creating secure passwords include the
following:
-
- Passwords should be complex and include the following:
- Password must be 8-15 characters long
- Password must contain at least 1 uppercase letter
- Password must contained at least 1 lowercase letter
- Password must include 1 special character (Examples:
!@#$%^&*()_-+={[}]|:;""'<,>.?/~`)
- Passwords should be changed on a frequent schedule and
individuals should have different passwords for each site that they
visit.
- Review challenge question answers to see if they are on social
media sites. Please be careful when selecting questions and
answers as unauthorized users will mine data to try and guess
answers to challenge questions.
We also want to advise users to be on the look out for potential
phishing emails. Phishing emails are typically attempting to
steal personal information through legitimate-looking email
messages from legitimate-looking email addresses. If you have
received a suspected phishing email, please consider the
following:
- Before clicking on a link, mouse over it to view the link
address and ask yourself if it seems legitimate.
- Do not open or follow unsolicited/unexpected attachments or
email links.
- If there is even a shred of doubt, forgo clicking on the link
or attachment until you confirm that the link or attachment is
legitimate.
- Do not provide a user ID or password in email, do not reply to
emails asking you to send any personal information, and do not
respond to emails that require you to enter personal or financial
information directly into the email.
Additional steps users can take to protect themselves are
included below.
The security of the personal information in our care is one of
our highest priorities. We sorry for the inconvenience this
incident has caused our users. If users have questions about
the about the incident, they can call (877) 218-2930, 6 a.m. to 4 p.m. PST, Monday through
Friday. Please use reference number 6751090215 when
calling.
ADDITIONAL STEPS YOU CAN TAKE TO PREVENT IDENTITY THEFT AND
FRAUD
You may also take action directly to further protect against
possible identity theft or other financial loss. We encourage
you to be vigilant by reviewing your account statements regularly
and monitoring your credit reports for suspicious activity.
Under U.S. law, you are entitled to one free credit report annually
from each of the three major credit bureaus. To order your
free credit report, visit www.annualcreditreport.com or call,
toll-free, 1-877-322-8228. You may also contact the three
major credit bureaus directly to request a free copy of your credit
report.
At no charge, you can also have these credit bureaus place a
"fraud alert" on your file that alerts creditors to take additional
steps to verify your identity prior to granting credit in your
name. Note, however, that because it tells creditors to
follow certain procedures to protect you, it may also delay your
ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud
alert, the others are notified to place fraud alerts on your
file. Should you wish to place a fraud alert, or should you
have any questions regarding your credit report, please contact any
one of the agencies listed below. Information regarding
security freezes is also available from these agencies.
Equifax
|
Experian
|
TransUnion
|
P.O. Box
105069
|
P.O. Box
2002
|
P.O. Box
2000
|
Atlanta, GA
30348
|
Allen, TX
75013
|
Chester, PA
19022-2000
|
800-525-6285
|
888-397-3742
|
800-680-7289
|
www.equifax.com
|
www.experian.com
|
www.transunion.com
|
Consumers may place a security freeze on their credit
reports. A security freeze prohibits a credit reporting
agency from releasing any information from a consumer's credit
report without the consumer's written authorization. However,
please be advised that placing a security freeze on your credit
report may delay, interfere with, or prevent the timely approval of
any requests you make for new loans, credit mortgages, employment,
housing, or other services.
If you have been a victim of identity theft, and you provide the
credit reporting agency with a valid police report, it cannot
charge you to place, lift or remove a security freeze. In all
other cases, a credit reporting agency may charge you a fee to
place, temporarily lift, or permanently remove a security
freeze. You will need to place a security freeze separately
with each of the three major credit bureaus listed above if you
wish to place the freeze on all of your credit files.
To find out more on how to place a security freeze, you can
visit the following sites:
Equifax Security Freeze
- https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
Experian Security Freeze -
http://www.experian.com/consumer/security_freeze.html
TransUnion Security Freeze – https://freeze.transunion.com
You can further educate yourself regarding identity theft, fraud
alerts, and the steps you can take to protect yourself, by
contacting the Federal Trade Commission or your state Attorney
General. For North
Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-919-716-6400,
www.ncdoj.gov. For Maryland residents, the Attorney General
can be contacted at 200 St. Paul Place, 16th Floor,
Baltimore, MD 21202,
1-888-743-0023, www.oag.state.md.us. The Federal Trade
Commission can be reached at: 600 Pennsylvania Avenue NW,
Washington, DC 20580,
www.ftc.gov/idtheft/, 1-877-ID-THEFT (1-877-438-4338); TTY:
1-866-653-4261. The Federal Trade Commission also encourages
those who discover that their information has been misused to file
a complaint with them. You can obtain further information on
how to file such a complaint by way of the contact information
listed above. Instances of known or suspected identity theft
should also be reported to law enforcement.
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/we-end-violence-provides-notice-of-data-security-event-at-agent-of-change-website-300138429.html
SOURCE We End Violence