Global Benefits, Former Benefit Plan Administrator, CyberSecurity Breach
Contact Global Benefits to learn more by calling 1-855-660-1364
We write to inform you about a cybersecurity breach experienced by our former benefit plan administrator, Global Benefits. We understand that notification from Global Benefits is forthcoming, but we wish to provide you advance notice as soon as possible.
We have been informed by Global Benefits that a cybersecurity breach has affected some of our members whose historical records were retained by Global Benefits. We want to assure you that there is no impact on our current benefit or pension plan.
We understand that all affected members will receive a notification letter from Global Benefits this week. If you do not receive this letter, Global Benefits has not identified you as an affected individual. Global Benefits has indicated that the personal data that may have been accessed in this cybersecurity breach may include names, addresses, dates of birth, banking information and social Insurance numbers.
We have been informed by Global Benefits that the cybersecurity breach occurred on January 16, 2023. The cybersecurity incident was only brought to our attention recently. We took immediate action upon learning of the incident to investigate and address the situation, prioritizing the protection of your data and privacy.
Upon learning about the security breach, we requested a comprehensive plan and information concerning Global Benefit's management of the data breach. We also received guidance from legal counsel so that we can ensure that we are taking all available steps to protect your personal information. Together with Legal Counsel we continue to review information provided by Global Benefits to ensure that all necessary steps are taken, and any potential harmful effects are mitigated.
We encourage all affected members to take advantage of the 12-month credit monitoring service offered by Global Benefits through Equifax which is no cost to you and paid solely by Global Benefits. The Equifax service will provide you with notification in the circumstance where there is fraudulent activity on your credit report. The service MUST be activated by August 31, 2023. The activation code is located on the letter from Global Benefits to affected members which we understand will be sent this week.
If you did not receive an activation code or you need assistance with your activation, please contact the Global Benefits dedicated call centre at 1-855-660-1364.
It is important that all affected union members enroll in Equifax services as soon as possible in order to receive protection against fraud and identity theft insurance of up to $1,000,000 in the unfortunate case of damages related to fraud, as outlined in the Global Benefits letter.
We ask that you continue to remain vigilant regarding any threats of identity theft and fraud including any unauthorized transactions.
We understand this event is stressful and we are reviewing Global Benefits response to this breach with the assistance of Legal Counsel. We understand that Global Benefits has engaged cybersecurity experts in this process to take measures to avoid future security incidents. We will continue to review Global Benefit's response and take every action available to ensure the protection of our membership's sensitive personal information.
We want to clarify that Global Benefit was a third-party company that we worked with until 2019. Since then, we have discontinued our partnership and they are no longer involved in our operations. We are mentioning this to provide complete transparency and assure you that their breach does not impact the security of your data within our systems.
Simultaneously, our dedicated IT team has been actively involved in implementing precautionary measures to fortify our own security infrastructure. In an effort to ensure the utmost protection, we have requested all third-party companies that work with us to provide their latest security reports and penetration test results. This allows us to thoroughly assess their security protocols and verify their alignment with our stringent standards.
We want to assure you that our existing security measures within our IT infrastructure are robust and designed to safeguard your data. Here are some examples:
Firewalls with Traffic Control: We utilize powerful firewalls that help us control and monitor the traffic entering and leaving our network. These firewalls enable us to prevent unauthorized access attempts and ensure the security of our systems.
Data Encryption: We employ strong encryption techniques to protect your data both during transmission and at rest. This ensures that your information remains confidential and inaccessible to unauthorized individuals.
Access Controls: We have implemented strict access control mechanisms, including stringent password policies, and role-based access controls. These measures ensure that only authorized personnel can access your data.
Data Backups and Disaster Recovery: We have implemented comprehensive data backup procedures to ensure the availability and recoverability of your information in the event of data loss or system failures. Our disaster recovery plans are regularly tested to ensure effective recovery procedures.
Employee Training: Our staff undergoes regular training programs to enhance their awareness of cybersecurity best practices. This includes recognizing and avoiding phishing attempts, practicing good password hygiene, and being vigilant against social engineering attacks.
Ongoing Security Updates: We regularly update our systems, software, and applications with the latest security patches and enhancements. This helps protect against known vulnerabilities and ensures the overall security of our infrastructure.
Compliance with Data Protection Regulations: We strictly adhere to applicable data protection and privacy regulations. Our practices align with industry standards, and we continuously evaluate and improve our procedures to maintain compliance.
Security Policy updates: We ensure the continuous enhancement of our IT security policies by regularly reviewing and updating them.
While we already have robust security measures in place, we are committed to continuously improving our security framework. In light of the recent incident, we are actively exploring the implementation of a stronger monitoring system to enhance our network traffic control and further bolster our security capabilities.
We apologize for any inconvenience or concern this incident may cause you. If you have questions regarding this incident, please contact Global Benefit dedicated call centre at 1-855-660-1364 between the hours of 9:00 a.m. to 5:00 p.m. EST Monday to Friday.
Thank you for your understanding and ongoing support as we work diligently to resolve this matter.
Questions & Answers
How do I know if my data has been compromised?
You will receive a letter from Global Benefits, stating that your data was compromised.
If you do not receive a letter, then you must have not been affected.
If you are a new member or joined Local 793 after November 1, 2019, you will not be affected.
What do I do if I am affected?
Contact Global Benefits at 1-855-660-1364 between the hours of 9:00 a.m. to 5:00 p.m. EST. Monday to Friday.
Strongly encouraged to enroll in the 12-month credit monitoring service through Equifax offered by Global Benefits for all affected members.
What steps is the Union/Local 793 taking to protect my data?
The Local 793 IT team is involved in the following:
implementing precautionary measures to fortify our own security infrastructure and stronger monitoring system to enhance our network traffic control and further bolster our security capabilities.
requesting all third-party companies that work with us to provide their latest security reports and penetration test results. This allows us to thoroughly assess their security protocols and verify their alignment with our stringent standards.
When did the breach occur?
The breach occurred on January 16, 2023, and Local 793 was notified in early May of the breach. Local 793 took immediate action upon learning of the incident to investigate and address the situation, prioritizing the protection of your data and privacy, and sought legal counsel.
Will this impact my benefits or pensions?
The breach will not have any impact on your current benefits or pension Plan.