Notification of Data Breach Incident
Quantum Color Graphics LLC (Quantum) as a vendor to print and mail the December 31, 2020 Personal Statement of Retirement Benefits. On November 4, 2021, Quantum notified Alight it had discovered, on October 22, 2021, that a ransomware group had exploited a vulnerability in one of Quantum’s network servers, obtained unauthorized access to files on that server between August 17 and October 11, 2021, and published certain data from that server on the dark web. Alight confirmed to the Employees’ Retirement System of Georgia (ERSGA) on November 18, 2021 that ERS member data was compromised. The incident has been reported to law enforcement authorities.
What Information Was Involved
The compromised information was contained in zipped .pdf files that Alight had transferred via secured transmission to Quantum for printing and mailing. The files included electronic copies of the December 31, 2020 Personal Statement of Retirement Benefits for active employees for the State of Georgia, including you. Each statement contained the following information:
- Employee name
- Home mailing address
- Date of birth
- ERSGA Pension ID number
- Retirement account balance information
- Account beneficiary name and date of birth (if the information was on file)
- All other information contained in the Personal Statement of Retirement Benefits
The compromised information did not include Social Security Numbers.
If you had a pension, PSR, or GTLI beneficiary designated on that statement, please notify your beneficiary that their name and date of birth were included in the compromised data.
What We Are Doing
- Alight has confirmed that Quantum has fixed the vulnerability which allowed for the unauthorized access to their files. Alight also obtained confirmation from Quantum that all of Alight’s data have been deleted from its systems and that Quantum no longer holds or maintains your data in its systems.
- Alight takes privacy and security seriously, and upon being informed of this incident, took steps to ensure that strong controls are in place to monitor participant accounts and prevent improper distributions. Alight and ERSGA will continue to maintain strong security controls to protect your account from fraudulent transactions. These include providing prompt notification for account changes, requiring multifactor authentication for certain transactions requests, and a holding period when new bank accounts and mailing addresses are added to your account.
- Alight Protection Program™: We also provide the Alight Protection Program for your PSR 401(k) and/or 457 account(s), which will reimburse losses related to fraud that occur through no fault of your own, when you take steps to help us protect your account. You can learn more about the Alight Protection Program by visiting the Security Center at GaBreeze.ga.gov.
- Experian Credit Monitoring: A free one-year membership to Experian’s® IdentityWorksSM has been made available to you. This product provides you with detection and resolution of identity theft. This one-year Experian credit monitoring includes the following:
- Experian credit report at signup: See what information is associated with your credit file. Daily credit reports are available for online members.
- Credit Monitoring: Actively monitors Experian file for indicators of fraud.
- Internet Surveillance: Technology searches the web, chat rooms, and bulletin boards 24/7 to identify trading or selling of personal information on the dark web.
- Identity Restoration: Identity Restoration specialists are immediately available to help address credit and non-credit related fraud.
- Experian IdentityWorks ExtendCARETM: Access to Identity Restoration support, even after the one-year Experian IdentityWorks membership period.
- Up to $1 Million Identity Theft Insurance: Provides coverage for certain costs, and unauthorized electronic fund transfers.
What You Can Do
- As soon as possible, visit the ERSGA website at: www.ers.ga.gov
- Log in to your secure account by clicking on the orange Log In button at the top of the page.
- Make sure your user name and password are strong and secure.
- Important Note: If you do not already have a secure account, please create one using the register button on the secure Log In page, and follow the instructions to create an account.
- Enroll for the free Experian Protection Plan by March 31, 2022. To activate your membership and start monitoring your personal information, you must take action to enroll by following the steps below:
- Enroll by: March 31, 2022. The code will not work after this date, so take action immediately!
- Visit the Experian IdentityWorks website to enroll: https://www.experianidworks.com/plus
- Engagement number: B022198
- Activation code: The personalized letter sent to you contained this activation code.
If you have questions about the plan, need assistance with identity restoration, or would like an alternative to enrolling in Experian IdentityWorks online, please contact the Experian customer care team by March 31, 2022 at (855) 797-1033.
Be prepared to provide engagement number B022198 as proof of eligibility for the identity restoration services by Experian.
- Please remain alert for fraud and identity theft. Review your ERSGA paper statements and online statements at www.ers.ga.gov on a regular basis. Keep track of your other accounts, and monitor your free credit reports. Be on the lookout for anything that seems suspicious, including potentially fraudulent communications claiming to be from ERSGA or from other people concerning your ERSGA retirement benefits.
If you have any further questions regarding this data breach incident, please call GaBreeze at (877) 342-7339.
Additional Information to Protect Yourself
- To protect against possible fraud, identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements, and to monitor your credit reports.
- Provided below are the names and contact information for the three major U.S. credit bureaus and additional information about steps you can take to obtain a free credit report and place a fraud alert or security freeze on your credit report.
- If you believe you are a victim of fraud or identity theft you should consider contacting your local law enforcement agency, your state’s attorney general, or the Federal Trade Commission (FTC). Please know that contacting us will not expedite any remediation of suspicious activity.
Information on Obtaining a Free Credit Report
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit reports, visit www.annualcreditreport.com or Call (877) 726-1014
Information on Implementing a Fraud Alert or Security Freeze
Consider contacting the three major credit bureaus at the addresses below to place a fraud alert on your credit report. A fraud alert indicates to anyone requesting your credit file that you suspect you are a possible victim of fraud. A fraud alert does not affect your ability to get a loan or credit. Instead, it alerts a business that your personal information might have been compromised and requires that business to verify your identity before issuing you credit. Although this may cause some short delay if you are the one applying for the credit, it might protect against someone else obtaining credit in your name. A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing or other services. A credit reporting agency may not charge you to place, temporarily lift, or permanently remove a security freeze.
To place a fraud alert or security freeze on your credit report, you must contact the three credit bureaus below:
- Equifax: Visit www.equifax.com or Call (888) 766-0008
Consumer Fraud Division P.O. Box 740256 Atlanta, GA 30374
- Experian: Visit www.experian.com or Call (888) 397-3742
Credit Fraud Center P.O. Box 9554 Allen, TX 75013
- TransUnion: Visit www.transunion.com or Call 1 (800) 680-7289
TransUnion LLC P.O. Box 2000 Chester, PA 19022-2000
To request a security freeze, you will need to provide the all of the following information:
- Your full name (including middle initial as well as Jr., Sr., II, III, etc.)
- Social Security Number
- Date of birth
- If you have moved in the past five (5) years, the addresses where you have lived over those prior five years
- Proof of current address such as a current utility bill or telephone bill
- A legible photocopy of a government-issued identification card: state driver’s license or ID card, military identification, etc.
U.S. Federal Trade Commission: Contact the U.S. Federal Trade Commission (FTC) for further information on fraud alerts, security freezes, and how to protect yourself from identity theft.
Visit www.consumer.gov/idtheft or Call (877) 382-4357
400 7th St. SW, Washington, DC 20024
Your state attorney general may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your state attorney general, or the FTC.
- California Residents: Contact the California Office of Privacy Protection for additional information on protection against identity theft.
- Georgia Residents: Contact the Georgia Attorney General’s Consumer Protection Division website for additional information on protection against identity theft.
- Maryland Residents: Contact the Attorney General at the Office of Attorney General.
Visit www.oag.state.md.us or Call (888) 743-0023
200 St. Paul Place, Baltimore, Maryland 21202
- Massachusetts Residents: Under Massachusetts law, you have the right to obtain any police report filed in connection to the incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.
- New York Residents: Contact the New York Attorney General’s Office website on data breaches for additional information on protection against identity theft.
- North Carolina Residents: Contact the Attorney General.
Visit www.ncdoj.gov or Call (919) 716-6400
9001 Mail Service Center, Raleigh, North Carolina 27699-900