May 30, 2023
Notice of Data Security Incident
Trussway understands the importance of protecting information. We are informing individuals that we recently identified and addressed a data security incident involving some of their information. This notice explains the incident, measures we have taken, and additional steps you may consider taking in response.
We determined on March 31, 2023, that certain devices in our network were encrypted with ransomware. When we learned of the incident, we immediately implemented our response protocols, took measures to contain the activity, and launched an investigation. A cybersecurity firm also was engaged. We notified law enforcement and are supporting its investigation.
The evidence showed that between March 7, 2023 and April 1, 2023, an unauthorized actor viewed and obtained files stored on certain servers in our network. We conducted a careful review of the files and, on May 19, 2023, determined that one or more of the files contained information maintained for employment purposes.
The file(s) contained individuals’ name, address, Social Security number, date of birth, and health insurance plan enrollment information. The files also may have contained individual’s health insurance policy number, driver’s license number, passport number, other government-issued identification number, financial account information, and if an individual filed a claim for workers’ compensation or short-term disability, medical information relating to their claim.
We are mailing letters to the individuals involved and arranged for eligible individuals to receive complimentary membership to Equifax CompleteTM Premier credit monitoring. If you believe your information was involved but do not receive a letter by July 1, 2023, please call our dedicated call center for this incident at 877-281-2135, Monday through Friday, between 8:00 a.m. and 8:00p.m., Central Time.
We take this incident very seriously. To help prevent something like this from happening again, we have taken and are taking steps to enhance our existing security measures, which will include the use of a new managed detection and response platform.