Donate

Internet Security Incident

Frequently Asked Questions

How do I find out if my data was compromised?

If your personally identifiable information was stored on our server, you should receive a letter from CCM notifying you of this. There are several steps that you can take to minimize or eliminate potential harm.

  • Monitor your financial statements and if you see any unauthorized activity, promptly contact your financial institution.
  • You may also want to contact the three US Credit reporting agencies (Equifax, Experian and TransUnion) to obtain a free copy of your credit report by calling 1-877-322-8228 or by logging on to www.annualcreditreport.com. You have the right to get a free copy of your credit report from each of these three agencies once every 12 months.
  • You many also want to consider placing a security freeze on your credit files. A freeze prevents an unauthorized person from using your personally identifying information to open new accounts or borrow money in your name.You will need to contact the three US credit reporting agencies to place the security freeze. The fee could be up to $10 for each credit reporting agency. The agencies may waive the fee if you can prove that identity theft has occurred. Keep in mind that when you place the freeze, you will not be able to borrow money, obtain instant credit, or get a new credit card until you temporarily lift or permanently remove the freeze.

To obtain a security freeze, contact the following agencies:

               Equifax: 1-800-685-1111; web: https://www.freeze.equifax.com

               TransUnion: 1-800-680-7289; web: https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

Experian: 1-888-397-3742; web: https://www.experian.com/freeze/center.html

What is Personally Identifiable Information (PII)?

Information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., a social security number; age; military rank; marital status; race; home phone numbers; other demographic, biometric, personnel, medical, and financial information, etc. that is not already public information and could be used on its own or with other information to identify, contact, or locate a single person.

What information was compromised?

We do not have proof that any data was stolen or otherwise compromised. Some information stored on the server contained client information such as name, address, and social security number. CCM did not have access to nor store any financial information such as credit card numbers or complete bank account numbers.

I’ve read the letter. Is there something I am required to do?

There is nothing that you are required to do.


 

FOR IMMEDIATE RELEASE - May 16, 2017

CCM announces Internet Security Incident – Possible Data Breach

CONCORD – Earlier this month, Cooperative Christian Ministry (CCM) notified the NC Department of Justice, the Attorney General’s Consumer Protection Division and major consumer reporting agencies of a possible data breach on the ministry’s server used to process and store client data.

In a statement by the organization’s Executive Director, Ed Hosack; “Our technical staff detected an unauthorized user on our server early one morning in April. Staff took immediate steps to disable the user, restrict access and notify our external systems support contractor”.

To date, the ministry and independent support have not detected any other malicious activity, however, the ministry leadership is addressing protocol as if the worst case scenario. The organization’s major focus is on a database of ministry clients from 2004-2011, but all of the data stored on the server was vulnerable up to the present time. In 2012, the ministry converted from a client database that was developed in house to a proprietary data management system with significant functional and security improvements. The raw data used to populate the new system, 2004-2011, was archived in the organization’s main server and was therefore vulnerable to a cyber invasion. “Even after investing in and employing administrative security strategies on an ongoing basis, Hosack said, “we were obviously no match for those who were determined to invade our system.”

The ministry is most concerned about personally identifiable information for approximately 20,000 individuals who were served by the ministry during that period (2004-2011). There are additional clients that came to CCM after that initial time period that could also be notified, but the majority fall between those 7 years. CCM is preparing a mailing to each one of those households notifying them of the possible compromise of their data. The letter meets all requirements of notification, including the type of information that was at risk and recommended steps they may take to protect themselves.

With the guidance of internet security professionals, CCM immediately implemented enhanced security measures and this week is installing additional hardware and software to further secure its technology systems. “Our response to date will cost around $10,000”, Hosack said, “not including the extraordinary staff time that has been dedicated to investigation and mitigation. It is our hope that no data was actually compromised, but we will not assume that.”

Everyone whose data was included in the database should receive a letter addressing the intrusion by mid-June. Concerned individuals can inquire by emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or calling 704-786-4709 and dialing extension 800.

“The only potential benefit”, according to Hosack, “is in sharing our misfortune and the lessons learned with our local small business and nonprofit community in the hope of preventing similar hardship.” CCM has received the commitment of a regional cyber security expert to address nonprofit leaders at its Cabarrus County Nonprofit Workshop in August. The organization encourages all local nonprofit leaders to put August 24th on their calendar to be informed by an expert in Cyber Security about the latest concerns and appropriate protective measures.


 

05/16/17

Dear CCM Client:

We are contacting you because we have learned of a data security incident (breach) that occurred on April 11, 2017 that possibly involved some of your personal information. We do not have any proof that your data was compromised, but we wanted to bring this incident to your attention.

The breach involved an unauthorized user gaining access to our data storage server. The storage server contained a database that included your name, address, and social security number; the majority between January 2004 and October 2011, but all data on the server was vulnerable up to the present time.

Upon discovery of the incident, CCM immediately took steps to eliminate the unauthorized user and changed criteria needed to regain access. Since the incident, we have also taken steps by working with an outside consulting company to improve our hardware and software to help prevent any recurrence.

We are notifying you so you can take action along with our efforts to minimize or eliminate potential harm. We strongly encourage you to take preventive measures now to help prevent and detect any misuse of your information. We have advised the three major U.S. credit reporting agencies about this incident and have given those agencies a general report, alerting them to the fact that the incident occurred; however, we have not notified them about the presence of your specific information in the data breach.

Although we did not have access to nor store any financial information such as credit card numbers or bank account numbers, as a first preventive step, we recommend you closely monitor your financial accounts and, if you see any unauthorized activity, promptly contact your financial institution.

To obtain information concerning preventing or reporting identity theft, you may also contact the Federal Trade Commission (FTC) by calling 1-877-ID-THEFT (1-877-438-4338) or online at https://www.ftc.gov/ or the North Carolina Attorney General's Office by calling (1-919-716-6400) or online at http://www.ncdoj.gov/Consumer.aspx.

As a second step, you also may want to contact the three U.S. credit reporting agencies to obtain a free credit report from each by calling 1-877-322-8228 or by logging onto www.annualcreditreport.com. You have the right to get a free copy of your credit report, once every 12 months, from each of the nationwide consumer credit reporting companies, Equifax, Experian and TransUnion.

Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. A victim’s personal information is sometimes held for use or shared among a group of thieves at different times. Checking your credit reports periodically can help you spot problems and address them quickly. You also may want to consider placing a security freeze on your credit files. A freeze prevents an authorized person from using your personal identifying information to open new accounts or borrow money in your name. You will need to contact the three U.S. credit reporting agencies to place the security freeze. The fee could be up to $10 for each credit reporting agency (see each website or call for more information). The agencies may waive the fee if you can prove that identity theft has occurred. Keep in mind that when you place the freeze, you will not be able to borrow money, obtain instant credit, or get a new credit card until you temporarily lift or permanently remove the freeze.

To obtain a security freeze, contact the following agencies:

Equifax: 1-800-685-1111; web: https://www.freeze.equifax.com

TransUnion: 1-800-680-7289; web: https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

Experian: 1-888-397-3742; web: https://www.experian.com/freeze/center.html

Answers to Frequently Asked Questions can be found at www.cooperativeministry.com in the “About” tab. If your specific question is not answered, please email us at This email address is being protected from spambots. You need JavaScript enabled to view it. or dial 704-786-4709, extension 800.

Cooperative Christian Ministry