Honolulu Star-Advertiser MidWeek The Garden Island Hawaii Tribune-Herald West Hawaii Today

Oahu Publications, Inc. Data Security Breach/Incident

Last updated: March 4, 2024

Oahu Publications, Inc. (“OPI” or the “company”) understands the importance of protecting personal data and retaining the trust of customers and employees. Unfortunately, OPI was the victim of a cybersecurity incident, and certain sensitive personal data within the company’s custody and control was compromised. Although there is no indication that any sensitive personal data involved in this cybersecurity incident has been misused or will be misused in the future, out of an abundance of caution, OPI is providing complimentary credit monitoring and identity theft protection services to those individuals who may have been impacted by this cybersecurity incident.

Please see below for more information on the scope and nature of this incident and the resources available to you.

What Happened?

On January 10, 2024, OPI discovered that a third party gained unauthorized access to its information technology environment. The company immediately deployed security measures to contain and mitigate this threat and retained an external incident response team to accelerate recovery efforts. Fortunately, OPI was able to contain the threat and return to a normal state of business operations in a timely manner. OPI proactively notified the Federal Bureau of Investigation (FBI) of this incident and is assisting with its investigation.

What Personal Data Was Impacted?

As part of its internal investigation into this cybersecurity incident, OPI identified that an unauthorized third party gained access to OPI’s HR files and records that contained information on its employees’ participation in the company’s benefits programs. These files and records contained sensitive personal data on company employees and, in some limited circumstances, their immediate family members.

What You Can Do

There is no indication that any sensitive personal data involved in this cybersecurity incident has been misused or will be misused in the future. Yet, out of an abundance of caution, OPI is providing complimentary credit monitoring and identity theft protection services to those individuals who may have been impacted by this cybersecurity incident.

• If you are a current employee of OPI, you will receive a separate notice in the mail about this incident and the services available to you.

• If you are a former employee of OPI, please inquire (via the phone number provided in the “For More Information / FAQ” paragraph below) as to whether your personal data was subject to this incident and whether you are eligible to enroll in complimentary credit monitoring services.

Suppliers and Customers

OPI does not retain sensitive personal data on our customers, clients, or suppliers, and therefore no such personal data was impacted in this incident.

For More Information

OPI has established a dedicated call center to answer questions you may have about this incident, which you can reach at 888-319-9269, Monday – Friday, 9:00 am to 9:00 pm (EST).

Please see our Additional Data Security Information worksheet (below) for more information on resources potentially available to you.

* * * * * * * * * *

Additional Data Security Information

It is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com, call toll free at 1-877-322-8228 or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s website at www.consumer.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. Contact information for the three nationwide credit reporting companies is as follows:

• Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111.
• Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742.
• TransUnion, PO Box 2000, Chester, PA 19016, https://www.transunion.com, 1-800-916-8800.

When you receive your credit report: (i) review it carefully, (ii) look for accounts you did not open, (iii) look in the “personal information” section for any inaccuracies in your information (such as home address and Social Security Number). You should also look in the “inquiries” section for names of creditors from whom you have not requested credit. You should notify the consumer reporting agencies immediately of any inaccuracies in your report or if you see anything you do not understand. The consumer reporting agency and staff will review your report with you. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC 20580, 1-877-IDTHEFT (438-4338), https://www.ftc.gov/idtheft.

If you are a California resident, you may contact and obtain information from your state Attorney General at the following:

• California Department of Justice, Office of Privacy Protection, PO Box 944255, Sacramento, CA 94244-2550, 1-800-952-5225, www.oag.ca.gov/privacy.

Fraud Alerts: There are two types of fraud alerts you can place on your credit report to put your creditors on notice that you may be a victim of fraud—an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for at least 90 days. You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years. You can place a fraud alert on your credit report by contacting any of the three national credit reporting agencies.

Credit Freezes: You have the right to put a credit freeze, also known as a security freeze, on your credit file, free of charge, so that no new credit can be opened in your name without the use of a personal identification number (“PIN”) that is issued to you when you initiate a freeze. A security freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a security freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a security freeze may delay your ability to obtain credit. There is no fee to place or lift a security freeze. Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit reporting company. For information and instructions to place a security freeze, contact each of the credit reporting agencies at the addresses listed above.

To request a security freeze, you will need to provide the following information: (i) Your full name (including middle initial as well as Jr., Sr., II, III, etc.), (ii) Social Security number, (iii) Date of birth, (iv) If you have moved in the past five years, provide the addresses where you have lived over the prior five years, (v) Proof of current address such as a current utility bill or telephone bill, (vi) A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.), (vii) If you are a victim of identity theft, include a copy of the police report, investigative report, or complaint to a law enforcement agency concerning identity theft. The credit reporting agencies have one business day after receiving your request by toll-free telephone or secure electronic means, or three business days after receiving your request by mail, to place a security freeze on your credit report. The credit bureaus must also send written confirmation to you within five business days and provide you with a unique personal identification number (“PIN”) or password or both that can be used by you to authorize the removal or lifting of the security freeze. To lift the security freeze in order to allow a specific entity or individual access to your credit report, or to lift a security freeze for a specified period of time, you must submit a request through a toll-free telephone number, a secure electronic means maintained by a credit reporting agency, or by sending a written request via regular, certified, or overnight mail to the credit reporting agencies and include proper identification (name, address, and Social Security number) and the PIN or password provided to you when you placed the security freeze as well as the identity of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The credit reporting agencies have one business day after receiving your request by toll-free telephone or secure electronic means, or three business days after receiving your request by mail, to lift the security freeze for those identified entities or for the specified period of time. To remove the security freeze, you must submit a request through a toll-free telephone number, a secure electronic means maintained by a credit reporting agency, or by sending a written request via regular, certified, or overnight mail to each of the three credit bureaus and include proper identification (name, address, and Social Security number) and the PIN or password provided to you when you placed the security freeze. The credit bureaus have one business day after receiving your request by toll-free telephone or secure electronic means, or three business days after receiving your request by mail, to remove the security freeze.

Fair Credit Reporting Act: You also have rights under the federal Fair Credit Reporting Act (the “FCRA”), which promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. The Federal Trade Commission has published a list of the primary rights created by the FCRA, and the article is available at (https://www.consumer.ftc.gov/sites/default/files/articles/pdf/pdf-0096-fair-credit-reporting-act.pdf), and that article refers individuals seeking more information to visit www.ftc.gov/credit. The Federal Trade Commission’s list of FCRA rights includes the following:

You have the right to receive a copy of your credit report. The copy of your report must contain all the information in your file at the time of your request. Each of the nationwide credit reporting companies – Equifax, Experian, and TransUnion – is required to provide you with a free copy of your credit report, at your request, once every 12 months. You are also entitled to a free report if a company takes adverse action against you, like denying your application for credit, insurance, or employment, and you ask for your report within 60 days of receiving notice of the action. The notice will give you the name, address, and phone number of the credit reporting company. You are also entitled to one free report a year if you are unemployed and plan to look for a job within 60 days, if you are on welfare, or if your report is inaccurate because of fraud, including identity theft. You have the right to ask for a credit score. You have the right to dispute incomplete or inaccurate information. Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Consumer reporting agencies may not report outdated negative information. Access to your file is limited. You must give your consent for reports to be provided to employers. You may limit “prescreened” offers of credit and insurance you receive based on information in your credit report. You may seek damages from violators. Identity theft victims and active-duty military personnel have additional rights.

Note: The delivery of this notice has not been delayed as a result of a law enforcement investigation.

* * * * * * * * * *

RATES