Notice of Data Security Incident
CopperPoint is notifying individuals whose information may have been involved in two data security incidents that occurred earlier this year.
On January 11, 2021, we learned that an unauthorized third party gained access to certain CopperPoint employees’ email accounts. Subsequently, on March 1, 2021, we discovered a separate instance in which one employee’s email account was impacted by a similar event. Upon discovering these incidents, we promptly secured the email accounts and began an internal investigation. We engaged an IT forensic firm to investigate and confirm the security of our email and computer systems. Law enforcement was also notified.
On June 24, 2021, and July 22, 2021, these investigations determined that the accounts that were accessed by the unauthorized third parties contained certain individuals’ personal information. We then worked with an external firm to conduct a manual document review process to identify involved individuals and their mailing addresses.
From the investigation, we determined that the involved email accounts may have contained certain information of our customers and employees. Those accounts may have included names, addresses, birthdates, Social Security numbers, and medical diagnoses and treatments.
CopperPoint is beginning to mail notification letters to involved individuals to provide them with information about these incidents and guidance on how they can help protect their information. To date, we have no indication that any of this information has been used inappropriately, and we have not received any reports of identity theft associated with these incidents. However, we are offering complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers, driver’s license numbers or passport numbers are involved in this incident.
Protecting the privacy of customers’ and employees’ personal information is important to us, and we regret any inconvenience these incidents may cause our customers. To help prevent similar incidents from occurring in the future, we have taken steps to enhance the security of our systems, including implementing additional technical safeguards, reviewing our policies and procedures, and requiring security training for employees.
CopperPoint established a dedicated, external call center for individuals to ask questions. The call center can be reached at 855.912.1240 from 8:00 am to 5:30 pm Central Time, Monday through Friday, excluding major U.S. holidays.