This is a legal notice to inform potentially affected individuals of a data incident that occurred at SN Servicing Corporation (“SN”). This notice may apply to some individuals who were affected by a cybersecurity incident on or about October 15, 2020.
On or about October 15, 2020, SN discovered unauthorized access to its network. Upon discovery, SN immediately terminated the access and retained a specialized cybersecurity forensic team to conduct an investigation to determine the nature and scope of the Incident. The forensics team first identified the names and locations of files that were exfiltrated from the firewall records. This investigation concluded on or about November 24, 2020. Based on the results of the investigation, it was determined that an unauthorized party may have been able to access sensitive personal information for some of our borrowers.
SN was able to quickly identify a subset of documents which were believed to contain sensitive information for some borrowers. In the interest of notifying the borrowers as quickly as possible, a preliminary notice was provided for that collection of documents as quickly as possible. A data mining vendor was then hired to review the remaining documents to identify any additional individuals that may have been affected and what data may have been exposed. The data mining vendor provided its results on or about April 27, 2021.
SN engaged in a substantial data validation process to verify the accuracy of the data and reconcile to internal records. Immediately after concluding its validation procedures, SN procured credit monitoring to offer affected individuals and drafted notices to individuals, consumer credit reporting agencies, and state regulators as appropriate.
What information was involved?
While we have no reason to believe that your information has been misused as a result of this incident, we are notifying you out of an abundance of caution and for purposes of full transparency. Based on the investigation, the unauthorized party may have had access to one or more of the following data elements: name, contact information, date of birth, social security number, and loan/borrower information. Please note that not every data element was present for every individual. While we appreciate that the incident may be concerning, please note that SN is not aware of any instances of misuse of sensitive data.
What Is SN Doing?
SN engaged a specialized cybersecurity firm to conduct an investigation of the incident. Since the incident, SN has continued to strengthen their security posture. Additionally, we have also obtained complimentary credit monitoring for all affected individuals. We encourage you to take advantage of the complimentary credit monitoring services. We are making these services available to you at no cost; however, you will need to enroll yourself in these services by calling (800) 603-0836.
What You Can Do
SN encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Please call (800) 603-0836 for more information on how to obtain free credit monitoring.
For More Information
Upon discovery of this incident, SN has arranged for its clients to enroll in complimentary credit monitoring services to provide its clients with Credit Monitoring and Identity Theft Protection Services at no cost. We are making these services available to you at no cost; however, you will need to enroll yourself in these services.
SN sincerely regrets any inconvenience that this incident may cause to its clients and remains dedicated to protecting their information. If you are a client and have any questions or concerns about this incident, please call us at (800) 603-0836.