ProMach Cybersecurity Incident Frequently Asked Questions (FAQs)

Last Updated: October 20, 2023

Pro Mach Inc. (“ProMach” or “we”) was subject to a cybersecurity incident in September 2023, and these FAQs are intended to address the questions or concerns you may have about this incident.

ProMach understands the importance of cybersecurity and protecting your sensitive personal data. From the start, we moved quickly to contain the incident, and we conducted a thorough investigation with the assistance of leading security experts. We are working hard to ensure that individuals impacted by this incident have answers to questions about their personal data.

1. What happened?

  • On September 8, 2023, ProMach was the victim of a cyberattack whereby an outside group accessed our information networks and systems.
  • Our internal IT team immediately isolated the malicious activity, deployed security measures to contain and mitigate the threat, and engaged independent security experts to conduct a thorough forensic investigation.

2. What kind of information was accessed?

  • As part of this cybersecurity incident, the outside group accessed certain shared folders and personnel and HR files within our custody and control.

3. What type of sensitive personal data was compromised?

  • This cybersecurity incident resulted in an unauthorized third party obtaining access to ProMach’s personnel and HR-related files, which contained sensitive personal data. ProMach maintains this sensitive personal data to provide benefit programs (e.g., health and wellness programs, retirement plans), to assess worker eligibility, and for tax filing and similar business purposes.
  • Accordingly, this personal data relates to some current and former ProMach employees, and potentially their beneficiaries and dependents.
  • Please note that if you are a current employee of ProMach, you will receive a letter/notice from ProMach that describes the types of sensitive personal data that were impacted by this incident.

4. Is ProMach offering credit monitoring services? How do I enroll?

  • There is no evidence that your personal data has been misused or will be misused in the future. However, out of an abundance of caution, we are providing complimentary identity-theft monitoring offered through Equifax to individuals who may have been impacted in this incident.
  • To enroll in this service, go to www.equifax.com/activate and enter your unique Activation Code, which was contained in the notice we sent you or which you can obtain by calling the number below. Then click “Submit” and follow the four simple steps provided through the Equifax website.
  • In the notification letter, the front page of the “enrollment instructions” attachment contains an activation code; the back page contains the activation code for minor children (if applicable). The parent/guardian needs to complete their enrollment first.
  • We have a dedicated call center to answer questions you may have about this incident. You can reach the call center at 855-457-8895, Monday - Friday, 9:00 am to 9:00 pm (EST).

5. Can current and former ProMach employees enroll their family members in the credit monitoring services?

  • Although there is no evidence that any personal data has been misused or will be misused in the future, we are – out of an abundance of caution – providing complimentary identity-theft monitoring offered through Equifax to individuals who may have been impacted in this incident, which includes immediate family members of current and former ProMach employees.
  • If you would like additional “enrollment codes” to enroll your immediate family members into these services, please contact our call center at 855-457-8895, Monday - Friday, 9:00 am to 9:00 pm (EST) and they will coordinate with us to ensure you have the proper enrollment codes.

6. Why does ProMach maintain information on my spouse and children?

  • ProMach administers certain healthcare, wellness, retirement and similar benefits programs for our employees. Accordingly, ProMach collects and maintains sensitive personal data on the employees enrolled in these programs and on any family members they chose to enroll in these programs.
  • Out of an abundance of caution, we are offering current ProMach employees complimentary credit monitoring for their family members.

7. I never received an activation code to enroll in the credit monitoring services – what should I do?

  • The activation code was included in the letters mailed to current employees whose information was affected.
  • If you are a former employee, if you did not receive a letter, or if you lost your letter, please contact our dedicated call center at 855-457-8895, Monday - Friday, 9:00 am to 9:00 pm (EST) and provide them with your name, mailing address, and telephone number. The call center will coordinate with ProMach to determine whether you and your family members are eligible to enroll in the credit monitoring services.

8. Did ProMach report this incident to law enforcement?

  • We voluntarily notified the Federal Bureau of Investigation (FBI) of this cybersecurity incident, and we have been cooperating with their investigation. We are hopeful that the FBI will capture and prosecute those responsible for this incident.

9. I am a supplier or customer of ProMach. Was my sensitive personal data compromised?

  • No, ProMach does not retain sensitive personal data on our customers, clients, or suppliers, and therefore no such sensitive personal data was involved in this incident.

10. How did ProMach discover the incident?

  • ProMach had established a comprehensive information security program prior to this incident, and our IT team identified unusual activity occurring within our information networks and systems.

11. How can ProMach be sure this type of cyberattack does not happen again?

  • ProMach implements and maintains a comprehensive information security program, which is one of the reasons we were able to identify this cyberattack and respond to it quickly.
  • In addition, we have implemented a broad range of technical, physical, and administrative security controls to safeguard our IT environment, and we will constantly evaluate the sufficiency of these controls against industry standards and reasonably foreseeable threats.

12. Are there any additional steps that I can take to protect myself against fraud and identity theft?

  • Although there is no evidence that your personal data has been, or will be, misused as a result of this incident, you should remain vigilant and regularly review your credit card bills, bank statements, and credit reports for any unauthorized activity.
  • Promptly report incidents of suspected identity theft or fraud to your local law enforcement agency, the Federal Trade Commission, your state Attorney General, your financial institution, and/or to one of the three nationwide consumer reporting agencies.
  • Change your passwords regularly, and refrain from using easily guessed passwords and re-using the same passwords for multiple accounts.

13. How can I obtain a free copy of my credit report?

  • You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies.
  • To order your annual free credit report, please visit www.annualcreditreport.com, call toll free at 1-877-322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s website at www.consumer.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
  • Contact information for the three nationwide credit reporting companies is as follows:

14. What should I do if I think my personal data has been misused?

  • Although there is no evidence that your personal data has been, or will be, misused as a result of this incident, if you believe you are the victim of identity theft or have reason to believe your personal data has been misused, you should immediately contact the Federal Trade Commission (FTC) and/or the Attorney General’s office in your state.
  • The following is the contact information for the FTC: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft.
