ABOUT THE DATA PRIVACY EVENT
Welfare & Pension Administration Service, Inc. (“WPAS”) is a third-party administration firm that specializes in multi-employer benefit plan administration. WPAS is providing notice of a recent incident that may impact some information of members of some plans WPAS administers. This notice provides you with information about the incident, our response, and steps you may take to help protect your personal information, should you feel it necessary.
What Happened?
On July 21, 2021, WPAS discovered that portions of our computer network were infected with malware that affected certain systems. We promptly activated our Incident Response Team, isolated the affected systems, initiated other containment measures, and with the assistance of third-party forensic specialists, launched an investigation into the nature and scope of the incident. On or about July 28, 2021, the investigation confirmed that certain folders may have been accessed or removed from our system. WPAS therefore undertook a lengthy, time-intensive, and thorough review of the affected folders to identify the information that was potentially impacted and to whom it related. On or around December 20, 2021, this process was completed and we have been working with our client funds to provide notification to potentially impacted individuals as quickly as possible.
What Information Is Involved?
While the specific impacted information varies by individual; our investigation determined that the information which may have been impacted includes individual name, date of birth, Social Security number, driver’s license number, passport number, employer identification number, financial account information and payment card information, electronic or digital signature, medical claims information, medical treatment or diagnosis information, prescription information, health insurance identification number, and health insurance group number. Importantly, there is no indication specific information was accessed or misused. However, together with and on behalf of our client funds, we are providing notice of this incident.
What We Are Doing.
Information security is one of WPAS’s highest priorities, and we have security measures in place to help protect information in our care. Upon discovering this incident, we promptly took steps to mitigate potential harm from the event. We have reset passwords across the network, brought in third-party forensic specialists to assist with the investigation and remediation, and notified federal law enforcement of this event. WPAS is continuing to review and enhance our existing policies and procedures and is implementing additional safeguards to further secure the information in our systems and reduce the likelihood of a similar future event. We are also assisting our client funds with notifying relevant regulatory authorities. .
As an added precaution, WPAS is offering access to identity monitoring services through Kroll, at no cost to individuals. You can activate services on this site. Additional information on the services is available below.
What You Can Do.
WPAS is not aware of any fraudulent misuse of information. As a general precaution, we encourage individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and to detect errors. Individuals can also review the information contained in the attached “Steps Individuals Can Take To Help Protect Information.”
For More Information.
If you have additional questions or concerns, please call our dedicated assistance line at (855) 568-2075, which is available Monday through Friday, from 8:00 am to 5:00 pm Pacific Time. You may also write to WPAS at PO Box 34203, Seattle, WA 98124-1203.