What Happened

 

On or about March 1, 2024 – May 3, 2024, an unauthorized third party remotely accessed certain IAMS computer systems, and, as a result, accessed and/or acquired some files containing personal information. Upon becoming aware of the incident, IAMS engaged third-party cybersecurity experts to remediate, further investigate, and determine the scope of the incident.

 

What Information Was Involved

 

IAMS has been investigating this data security incident, which has included working with cybersecurity advisors to attempt to determine the scope of the incident and data potentially involved in the incident. This process concluded on or about July 12, 2024, after which IAMS worked to identify individuals whose information may have been present in the identified systems and contact information for those individuals. Social Security numbers, Passport numbers, driver’s license numbers, account numbers, dates of birth, EINs, certain financial information, business email credentials, and certain medical information was present in the impacted computer systems and may have been accessible to the unauthorized third party. Again, IAMS is not aware of any identity theft or fraud in relation to this incident but is providing this notice out of an abundance of caution.

 

What We Are Doing

 

Upon learning of the incident, IAMS launched an investigation, assessed the security of its systems, and took actions to help prevent a similar incident from occurring in the future, including security enhancements. IAMS also reported the incident to the Federal Bureau of Investigation and sent notifications to potentially affected individuals. Although we are not aware of any identity theft or fraud as a result of this incident, to ease any concerns that affected individuals might have about this situation, we are offering the affected individuals identity theft protection services through CyEx.

 

What You Can Do

 

Individuals should remain vigilant by reviewing account statements and monitoring free credit reports.

 

1. Remain vigilant by reviewing account statements and monitoring credit reports. Under federal law, you also are entitled every 12 months to one free copy of your credit report from each of the three major consumer reporting To obtain a free annual credit report, go to www.annualcreditreport.com or call 1-877-322-8228. You may wish to stagger your requests so that you receive a free report by one of the three credit bureaus every four (4) months. Immediately report any suspicious activity. You can report suspected incidents of identity theft to local law enforcement, your state’s attorney general, and the Federal Trade Commission (“FTC”).

 

2. Place Fraud Alerts with the three consumer reporting If you choose to place a fraud alert, we recommend you do this after activating your credit monitoring. You can place a fraud alert at one of the three major consumer reporting agencies by phone and also via Experian’s or Equifax’s website. A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. The contact information for all three agencies is as follows:

Equifax
1-888-298-0045
www.equifax.com

 

Equifax Fraud Alert
1-888-378-4329
P.O. Box 105069
Atlanta, GA 30348-5069

 

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348-5788

Experian
1-888-397-3742
www.experian.com

 

Experian Fraud Alert
1-888-397-3742
P.O. Box 9554
Allen, TX 75013

 

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013

TransUnion
1-800-680-7289
www.transunion.com

 

TransUnion Fraud Alert
1-800-680-7289
P.O. Box 2000
Chester, PA 19022-2000

 

TransUnion Security Freeze
P.O. Box 160
Woodlyn, PA 19094

It is necessary to contact only ONE of these agencies and use only ONE of these methods. As soon as one of the three agencies confirms your fraud alert, the others are notified to place alerts on their records as well. You will receive confirmation letters in the mail and will then be able to order all three credit reports, free of charge, for your review. An initial fraud alert will last for one year.

 

Please Note: No one is allowed to place a fraud alert on your credit report except you.

 

3. Security By placing a security freeze, someone who fraudulently acquires your personal identifying information will not be able to use that information to open new accounts or borrow money in your name. There is no cost to freeze or unfreeze your credit files. If you wish to place a security freeze on your credit file, you must separately place a security freeze on your credit file at each consumer reporting agency. In order to place a security freeze, you may need to provide the following information: (1) Full name (including middle initial as well as Jr., Sr., II, III, etc.); (2) Social Security Number; (3) Date of birth; ( 4) Addresses for the prior five years; (5) Proof of current address; (6) A legible copy of a government issued identification  card; and (7) A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if they are a victim of identity theft. Keep in mind that when you place the freeze, you will not be able to borrow money, obtain instant credit, or get a new credit card until you temporarily lift or permanently remove the freeze.

 

Please contact any of the three major consumer reporting agencies listed above for details on what information each company requires and to place the freeze.

 

4. You can obtain additional information about the steps you can take to avoid identity theft, including but not limited to, information about fraud alerts and security freezes, from the following agencies, in addition to the FTC and consumer reporting agencies listed above. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them.

 

If you are a resident of any of the states below, we have provided additional instructions applicable to residents of your state.

 

California Residents: Visit the California Office of Privacy Protection (http://www.oag.ca.gov/privacy) for additional information on protection against identity theft. Office of the Attorney General of California, 1300 I Street, Sacramento, CA 95814, Telephone: 1-800-952-5225.

 

Maryland Residents: the Office of the Attorney General may be contacted at: 200 St. Paul Place, 16th Floor, Baltimore, MD  21202; 1-410-576-6300 or 1-888-743-0023; and  https://www.marylandattorneygeneral.gov/.

 

Kentucky Residents: Office of the Attorney General of Kentucky, 700 Capitol Avenue, Suite 118 Frankfort, Kentucky 40601,  www.ag.ky.gov, Telephone: 1-502-696-5300.

 

New Mexico Residents: New Mexico residents have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to consumer files is limited; consumers must give their consent for credit reports to be provided to employers; consumers may limit “prescreened” offers of credit and insurance they get based on information in their credit report; and consumers may seek damages from a violator. Consumers may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. Consumers can review their rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer  Response  Center, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580.

 

New York Residents: the Attorney General may be contacted at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; https://ag.ny.gov/.

 

North Carolina Residents: Office of the Attorney General of North Carolina, 9001 Mail Service Center Raleigh, NC 27699-9001, www.ncdoj.gov, Telephone: 1-877-566-7226 or 1-919-716-6000. You have the right to obtain information about preventing identity theft from the Federal Trade Commission and the North Carolina Attorney General’s Office.

 

Oregon Residents: Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, www.doj.state.or.us/, Telephone: 877-877-9392.

 

Rhode Island Residents: the Rhode Island Attorney General may be reached at: 150 South Main Street, Providence, RI 02903; www.riag.ri.gov; and 1-401-274-4400. You have the right to obtain any police report filed in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

 

All US Residents: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, https://consumer.ftc.gov or https://identitytheft.gov, 1-877-IDTHEFT (1-877-438-4338), TTY: 1-866-653-4261.

 

For More Information

 

We fully appreciate the importance of protecting personal information, and we take the security and privacy of information in our care seriously. We apologize for any inconvenience this incident may have caused. If you have any further questions regarding this cybersecurity incident, you can reach us at (888) 499-1221.

 

Sincerely,

 

INSURANCE AGENCY MARKETING SERVICES, INC.