City Harvest, Inc. is providing notice of an incident that may affect the security of personal information stored on its systems. This notice includes information about the incident, the response, and steps impacted parties may take to protect against possible misuse of their information, should they feel it necessary to do so.
What Happened? On January 20, 2022, City Harvest discovered suspicious activity on its systems. In response, the organization immediately launched an investigation and worked with outside forensic specialists to secure its systems and investigate the nature and scope of the incident. The investigation determined that an unauthorized actor accessed certain systems on City Harvest’s network and acquired certain files stored on those systems between January 19, 2022, and January 29, 2022. An extensive review of the acquired files and folders was performed with the assistance of an outside vendor to identify any sensitive information stored therein and to whom it relates. On June 10, 2022, City Harvest received the results of the extensive review and determined the affected files contained personal information relating to some of its constituents.
Also Read: ACCORIAN Joins Civitas Networks for Health
What Information Was Involved? The types of personal information which may have been impacted vary for each person. The types of affected information may include an individual’s name, date of birth, Social Security number, driver’s license number, financial account information, medical information, and health insurance information.
How Will Individuals Know If They Are Affected By This Incident? City Harvest is mailing notice letters to the individuals identified as impacted for whom they have a current mailing address. If an individual does not receive a letter but would like to know if they are affected, they may call City Harvest’s dedicated assistance line provided below.
What City Harvest Is Doing. As soon as the suspicious activity was detected, City Harvest worked to contain the incident and secure its systems. City Harvest is committed to protecting its constituents’ information. As part of this commitment, the organization is reviewing and strengthening its existing policies, procedures, and systems related to cyber security.
Although City Harvest has no evidence of any actual or attempted identity theft or fraud resulting from this incident, it is notifying affected individuals so they may take steps to help protect their personal information, should they feel it is appropriate to do so. City Harvest arranged to have IDX provide identity monitoring services to impacted parties for twenty-four (24) months at no cost as an added precaution. Impacted parties will need to enroll in these services directly as City Harvest is unable to do this on an individual’s behalf.
What You Can Do. City Harvest encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements, and if applicable, enrolling in the complimentary credit monitoring services that are being offered through IDX, and monitoring free credit reports for suspicious activity over the next 12 to 24 months. More information on steps impacted individuals can take to protect their information can be found at CityHarvest.org and will be included in notification letters sent directly to impacted individuals.