February 12, 2018

Dear EIS Clients:

Please read this notice.  It includes important information about your personal data.  EIS  strives to protect your personal data and wants to make you aware of a recent incident affecting the EIS client database.

EIS has learned that on December 18th, 2017, our client computer database was attacked by the Crypto Locker ransomware software which resulted from a remote desktop protocol (RDP) brute-force attack. These types of attacks have become more frequent in the US in the past six months.  EIS has corrected this problem to prevent future attacks.  Please note that donor information was not accessed. 

The attacker gained access to the EIS client database, which includes identifying information such as names, addresses, drivers license numbers and in some cases, social security numbers. These types of attacks use software to scan millions of public IP addresses looking for ways to access data. Once accessed, the data is encrypted and ransomed to others to get access to the encryption code to use the data. To date, we have no information to suggest that client information was actually used for illegal purposes and based upon the details of the attack, believe that the risk of misuse of your personal data is extremely low.

On behalf of EIS, we are truly sorry that this event has occurred and for any concern it may cause you.  EIS is committed to protecting your personal information.  EIS has corrected this problem by implementing changes in remote access procedures and removing sensitive data from the database.  In response to this incident, we recommend that you take the following steps to protect your financial information:

  1. Closely monitor your financial accounts (banks, credit unions, credit card companies) to look out for suspicious activity.  If you notice something, contact your financial institution immediately.
  2. Consider contacting the credit bureaus to place a fraud alert on your account.
  3. Check your credit reports.  You may receive free credit reports from annualcreditreport.com.
  4. Consider purchasing credit monitoring services to help you stay vigilant about your credit.

If you notice any fraudulent activity, you can contact the local police to file a police report and/or the Federal Trade Commission to report it.  If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to get recovery steps and to file an identity theft complaint. Your complaint will be added to the FTC’s Consumer Sentinel Network, where it will be accessible to law enforcers for their investigations.

Should you have any additional questions, please contact Tina Massey at 918-582-2469 or tina@eistulsa.org.