Posted On June 6, 2022 Consumer Privacy & Data Breaches
June 6, 2022 – Perkins & Company, PC reported a data breach after the company was targeted in a recent cybersecurity attack. As a result of the breach, the name or other personal identifier in combination with: Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account) of certain individuals was compromised. The Perkins & Company data breach is believed to have impacted as many as 354,647 individuals. On May 27, 2022, Perkins & Company sent out data breach letters to those individuals whose information was affected by the breach.
The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently received a NOTICE OF DATA BREACH from Perkins & Company, PC, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Below is a portion of the letter that Perkins & Company, PC sent to individuals affected by the data breach:
Dear [Redacted]:
Perkins & Co (“Perkins”) is a privately held accounting firm located in Portland, Oregon, and provides accounting and tax services to both individuals and organizations. Perkins is writing to provide details about a cybersecurity incident that affected Netgain, a vendor we use to store data in the cloud. At this time, we remain unaware of any significant increase in suspicious activity to indicate that Perkins’ client or employee information has been misused in connection with this incident and will continue to monitor this issue. However, because your personal information may be impacted by this event, we are providing you with details about the incident, our response, and steps you can take to better protect your personal information, should you feel it appropriate to do so.
Who is Perkins & Co / Why Do You Have My Information?
Perkins provides accounting and tax services to both individuals and organizations. As part of those services, Perkins handles information relating to individuals. This Cyber security incident occurred with Netgain, Perkins’ third-party data hosting vendor. Please know that this incident did not impact the computer systems of Perkins or its clients.
What Happened.
On December 3, 2020, Netgain alerted us that they had shut down their systems and began working with outside cybersecurity specialists because of a ransomware attack on their systems that impacted our normal business operations.
On January 15, 2021, Netgain confirmed the following: Between November 8, 2020, and December 3, 2020, an attacker accessed servers storing Perkins’ files, some of which they copied and stole. They also encrypted files and demanded to be paid a ransom by Netgain in exchange for returning copies of stolen files and providing a key to access encrypted files. Netgain paid a ransom, and the attacker returned the files they had stolen, along with a decryption key. As we mentioned in a prior communication, according to Netgain, law enforcement and the cybersecurity specialists they engaged, this attacker is not known to post the data, nor keep any copies of it once a ransom is paid. However, we know that there are no guarantees, and we still consider any data viewed or stolen by the attacker to be at risk. Perkins conducted a comprehensive and time-intensive review of the information stored on the impacted server hosted by Netgain, and this data review process recently concluded.
What Information Was Involved.
As part of the services that Perkins provides, your information was stored on a server that Netgain reports was accessed by the attacker, though there is no indication Perkins was intentionally targeted in this attack. The following types of your personal information were stored on the server hosted by Netgain which was impacted by this event: name, and [Redacted]
What Perkins is Doing.
Perkins takes the security and privacy of the personal information entrusted to us very seriously. We confirmed that Netgain has taken steps to further safeguard against future threats, including implementing additional advanced threat protection tools, resetting passwords, reviewing and restricting access rights, and hardening network security rules and protocols. Perkins reported this incident to the IRS and state tax authorities, as well as applicable state data privacy regulatory authorities.
As an added precaution, we are offering you access to complimentary credit monitoring and identity restoration services through IDX for a period of [Redacted] months. Individuals who wish to receive these services must enroll by following the attached enrollment instructions.
What You Can Do.
We encourage you to remain vigilant by monitoring your accounts and reviewing the enclosed Steps You Can Take to Help Protect Your Personal Information for additional guidance on how to protect your personal information. There you will also find more information on the credit monitoring and identity restoration services Perkins is offering and the steps you can take to enroll to receive them.
For More Information.
We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions, please call our dedicated assistance line at [Redacted], available Monday through Friday, 6am to 6pm Pacific Time.
