Posted On May 3, 2022 Consumer Privacy & Data Breaches
May 3, 2022 – Recently, Phoenix Technology Services, Inc. reported a data breach after an unauthorized party was able to gain access to sensitive employee information stored on the company’s computer servers. As a result of the breach, the names, Social Security numbers, financial account information and passport numbers of certain individuals were compromised. On April 29, 2022, Phoenix Technology Services, Inc. sent out data breach letters to those whose information was affected by the breach.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Phoenix Technology data breach on behalf of employees whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Phoenix Technology Services, Inc.
According to an official filed by the company, on December 2, 2021, Phoenix Technology Services learned of a data security incident affecting its computer system. However, the company explains that the unauthorized access began on November 24, 2021.
In response, the company secured its computer systems and launched an investigation to learn more about the nature and scope of the incident. On December 10, 2021, Phoenix Technology confirmed that an unauthorized party was able to access and potentially remove sensitive files from the Phoenix Technology network. Then, on February 22, 2022, the company first became aware of the scope of the leaked data. The dates the unauthorized party had access to the system were between November 24, 2021 and December 2, 2021.
Upon learning of the unauthorized access, Phoenix Technology then sought to identify whether any employees’ sensitive information was contained in the affected files. On April 1, 2022, the company completed its review of the compromised files. While the breached information varies based on the individual employee, it may include the following information:
On April 29, 2022, Phoenix Technology issued data breach letters to those employees whose information was compromised in the breach.
Phoenix Technology Services, Inc. is a division of PHX Energy Services Corp., a large oil and gas company focused primarily on drilling operations. The company was founded in 1995, and is traded on the TSX under the ticker symbol “PHX.” Phoenix Technology Services is based in Calgary, Ontario, Canada, but its U.S. operations are based in Houston, Texas. Phoenix Technology Services employs more than 750 people and generates approximately $230 million in annual revenue.
Below is a portion of the data breach letter that was sent to affected individuals:
Notice of Data Breach
What Happened: We are writing to notify you that Phoenix Technology Services Inc., Phoenix Technology
Services USA Inc., and their respective wholly-owned subsidiaries (collectively, the “Company”) recently
experienced a data security incident that may have involved some of your personal information.
On December 2, 2021, the Company detected that an intruder had gained access to the Company’s servers. The
intrusion occurred starting on November 24, 2021, but the Company was not aware of the intrusion until
December 2, 2021, at which point it took immediate action to address the situation.
On December 10, 2021, the Company, in conjunction with the 3rd party cybersecurity experts, determined that
the intruder had gained access to personal information of employees and former employees. On February 22,
2022, through additional analysis and forensic review of the exfiltrated files, we first became aware that the
scope of the data breach included individuals in the United States. On April 1, 2022 we identified that your
personal information was affected.
What Information was Involved: We are conducting a thorough investigation to determine what personal
information might have been impacted. Impacted personal information may include the following:
• Full Name
• Address
• Social Security Number
• Date of Birth
• Banking Account Number
• Driver’s License Number
• Passport Number
• Dependent/Beneficiary Name
• Dependent/Beneficiary Address
• Dependent/Beneficiary Social Security Number
• Dependent/Beneficiary Date of Birth
What we are Doing: We regret that this incident occurred and take the security of our information very seriously.
As a result of this incident, we have engaged an IT forensics company to determine the cause of the unauthorized
access to the Company’s IT systems, the extent of the intrusion, and took steps to bolster the security of the
Company’s IT infrastructure, including improvements to our services, server upgrades, and engaging 3rd party
experts to monitor traffic.
We are confident that, with the steps taken to date, we have mitigated the chance of a similar occurrence in the
future, and we will continue to engage cybersecurity experts and implement their recommendations as
appropriate.
We are also very aware of the concern an incident such as this can create. Accordingly, we are offering you
monitoring service for one year from the date of this letter. It may also be prudent to notify your bank in the
event that anyone tries to access your accounts fraudulently.
What You Can Do: Supplemental information is attached to this letter, including the Steps You Can Take to
Protect Your Information as guidance on further protecting your personal data. You can also obtain information
about fraud alerts and security freezes from the FTC and the credit reporting agencies listed below:
Federal Trade Commission, https://www.ftc.gov, 600 Pennsylvania Avenue, NW, Washington,
DC 20580 1-877-FTC-HELP
Nationwide Consumer Reporting Companies:
Equifax, https://www.equifax.com, Equifax Credit Information Services, LLC, P.O. Box
740241, Atlanta, GA 30374, 1-800-525-6285
Experian https://www.experian.com, Experian National Consumer Assistance Center,
P.O. Box 4500, Allen, TX 75013, 1-888-397-3742
TransUnion https://www.transunion.com, TransUnion Consumer Relations, P.O. Box
2000, Chester, PA 19016-2000, 1-800-680-7289
To the extent you desire to freeze your credit report, you must separately place a credit freeze on your credit
file at each of the three credit reporting agencies. There is no charge associated with placing a credit freeze. The
following information should be included when requesting a credit freeze:
1) Full name, with middle initial and any suffixes;
2) Social Security number;
3) Date of birth (month, day, and year);
4) Current address and previous addresses for the past five (5) years;
5) Proof of current address, such as a current utility bill or telephone bill;
6) Other personal information as required by the applicable credit reporting agency.
More Information: We regret any inconvenience or concern that this incident has caused you. If you have
questions or require additional information about the incident, we can be reached by mail at 12329 Cutten Road
Houston, Texas 77066, we also have a call center available at (833) 514-1014.
