Notice of Data Breach


05/18/2021 — Florida League of Cities (FLC) values the privacy and confidentiality of all customer data within its control. Regrettably, this notice is regarding a recent data security incident that may impact the privacy of some FLC customer data that was hosted with its third-party vendor, Netgain Technology, LLC. If you are currently, or were at some time in the past, an individual participant in the Florida Municipal Pension Trust Fund (“FMPTF”), or if you paid to register for an event held by the Florida City and County Managers Association, Inc. (“FCCMA”), this data security incident notice may apply to you.  Please be assured we have taken steps to address this incident. Although there is no evidence any information has been misused, we wanted to be as transparent as possible and advise you of this incident.

Background

Netgain recently informed FLC that an unauthorized third party gained access to servers within the Netgain environment on December 3, 2020, including a server that hosted FLC’s data. Upon receiving notice from Netgain, FLC worked with Netgain and law enforcement to investigate this incident. After consulting with forensic investigators and law enforcement, we learned that this type of cyberattack is typically conducted for financial gain from the data hosting provider and attackers are not usually interested in retaining personal information. Additionally, Netgain received assurances from the attacker that no data was retained, and we have confirmed with law enforcement that no FLC data has been posted online. FLC investigated the data potentially impacted by this incident but due to limitations imposed by the volume and structure of the data at issue, we were unable to specifically determine what data may have been involved. Therefore, out of an abundance of caution, we are providing notice of this incident to all individuals whose personal information has been processed as part of our services.

What information was involved?

Our review of the impacted systems and databases to determine what information may have been at risk concluded on April 20, 2021. It appears information provided to us for FMPTF including individual names, Social Security numbers, and/or date of birth, and information provided to us for FCCMA including credit card number and 3-digit CVV code information, may have been present on the impacted systems.

What are we doing?

Upon learning of this incident, we terminated our relationship with Netgain and launched an investigation. To minimize the risk of future incidents, FLC is in the process of reviewing and updating its existing policies related to vendor data security and retention practices. Although there is no evidence FLC data was misused, we are offering FLC customers complimentary credit monitoring and identity restoration services for twelve months. FLC mailed a notice letter to potentially impacted customers where we had a customer address on May 18, 2021, which included information about the incident and instructions for enrolling in these services. If you are currently, or were at some time in the past, an individual participant in the FMPTF or if you paid to register for an event held by the FCCMA, you can also enroll in 12 complimentary months of credit monitoring and identity restoration services by calling 1-833-903-3648 Monday through Friday, 9 am – 9 pm ET.

What can you do to protect yourself?

To help reduce the risk of fraud or identity theft, it is always a best practice to carefully and regularly review your credit reports, credit card statements, and other financial account information. If you find any unauthorized or suspicious activity, you should contact your credit card company or financial institution immediately. You should also report all fraudulent activity or suspected incidents of identity theft to law enforcement, your state attorney general, and/or the Federal Trade Commission.

Our customers’ trust is important to us, and we sincerely apologize for any concern this has caused. The privacy and protection of all information in our control is a matter we take very seriously, and we will remain vigilant in our efforts to safeguard and protect the information entrusted to us. For more information, please call 1-833-903-3648 Monday through Friday from 9 am – 9 pm ET.

 

Additional Resources

  • Fraud Alerts


  • On request, any of the three nationwide consumer credit reporting companies can place a free fraud alert in your file to alert potential creditors that you may be a victim of identity theft; a fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you.

    A fraud alert will help prevent someone from opening new accounts in your name. As soon as one credit reporting bureau confirms your fraud alert, the others are automatically notified to place fraud alerts as well. All three bureaus will mail you a confirmation letter and you will be able to order complimentary credit reports for your review.

    The easiest way to place an alert is by visiting www.transunion.com or https://fraud.transunion.com/fa/fraudAlert.

    You will answer some questions to confirm your identity, and then a 90-day fraud alert will be added to your credit file. TransUnion will give you access to view your report online. You should examine it carefully for accuracy. TransUnion will also share this information with Equifax and Experian who will both mail you confirmation letters containing a number to call to order complimentary copies of your credit reports for review.

    To contact one of the credit reporting bureaus, please see below:

    Equifax: 1-800-525-6285
    PO Box 740260
    Atlanta, GA 30374

    Experian: 1-888-397-3742
    PO Box 9554
    Allen, TX 75013

    TransUnion: 1-800-680-7289
    PO Box 2000
    Chester, PA 19016

    It is only necessary to contact one of these bureaus and use one of these methods.

    You will not be charged for this service. Please note placing a fraud alert may delay your ability to open new lines of credit quickly.

  • Annual Credit Report


  • You can order a copy of your credit report, for free, once a year from each credit reporting bureau.  You can obtain a free credit report by visiting www.annualcreditreport.com or by calling 1-877-322-8228.

  • Review Your Credit Report


  • When you receive any credit report, you should review it carefully.  Look for accounts you did not open.  Look for inquiries from creditors that you did not initiate.  Look for personal information, such as home address, employment or Social Security numbers, that are not accurate.  If you see anything you do not understand, call the credit reporting bureau at the telephone number on the report.

    If your credit report indicates fraud or identity theft, call your local police or sheriff’s office and file a report of identity theft.  Get a copy of the police report.  You may need to give copies of the police report to creditors to clear up your records.

  • For More information


  • Should you wish to learn more about identity theft and how to protect yourself, you may contact the Federal Trade Commission at 1-877-438-4338. The FTC website, www.consumer.ftc.gov, also offers additional information on identity theft that you may find helpful.

  • Security Freezes


  • The security freeze (or credit freeze) is an option best reserved for people who have experienced extreme identity theft. Because the freeze essentially locks down your credit, it is not a good option for people who are simply seeking extra protection for their credit. We feel that credit monitoring, fraud alerts, and victim restoration services are more than sufficient options for defense against identity theft.

    A security freeze will not prevent you from enrolling in our services. You can certainly sign up with us and do not need to lift the freeze to do so. The reason for this is because we do not request your Social Security number to enroll—only name, address, phone, and email. None of these items would necessitate a credit inquiry. However, a security freeze will affect your ability to activate the monitoring portion of your membership. To activate the monitoring portion you will need to temporarily lift your security freeze.

    To learn more about security freezes and relevant state laws, contact your State Attorney General’s office or visit the Federal Trade Commission’s website for credit freeze information.


    Please note that you must have an established credit file and credit history to place a fraud alert, a credit freez
    e or utilize www.annualcreditreport.com.