Father Bill’s & Mainspring Notifies Individuals of Possible Data Security Incident

BROCKTON, MASSACHUSETTS – January 2021 – Father Bill’s & Mainspring (“Father Bill’s”) became aware of a data security incident affecting our community members that may have resulted in the disclosure of limited personally identifiable information (“PII”).  Father Bill’s takes the privacy and protection of personal information very seriously.  Community trust is a top priority, and we deeply regret any inconvenience this may cause.  At this time, Father Bill’s has no evidence that any personal information has been misused.  However, out of an abundance of caution, Father Bill’s is taking all possible efforts to individually notify current and former community members whose personal information may have been exposed to provide details of the incident, and provide resources to help protect affected individuals.

On July 31, 2020, a Father Bill’s employee was the victim of a phishing attack that compromised the employee’s Father Bill’s email account.  Shortly after, the employee noticed an increase in outbound traffic from the email account and alerted Father Bill’s information technology department (“IT”).  IT conducted a preliminary investigation, which revealed that the threat actor perpetrated a spam campaign to forward the phishing email to recipients in the employee’s email address book.  IT immediately secured the user’s account, and Father Bill’s immediately engaged third-party law firm Wilson Elser, and a third-party forensics firm to perform a comprehensive investigation.  The forensics investigation revealed that the threat actor potentially viewed your name and social security number, along with some other sensitive PII elements, such as your date of birth, driver’s license, and financial account number.  Once the affected population was identified, Father Bill’s worked with Wilson Elser to draft the appropriate notification letter to individuals and regulators.  Upon discovery of the unauthorized access to the inbox, Father Bill’s immediately changed all passwords associated with our entire email environment.

Father Bill’s sincerely regrets any concern or inconvenience that this matter may cause and remains dedicated to ensuring the privacy and security of all personal information of our community.  Father Bill’s encourages anyone who has additional questions about this Incident or believes they may have been impacted to call Father Bill’s & Mainspring’s toll-free informational hotline at 800-354-1692.

In addition to the services we provided, you have the right to obtain a police report if you are the victim of identity theft.  Furthermore, you can place a freeze on your credit report for no cost by contacting the three major credit bureaus.  Their contact information is:

Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348

Experian Security Freeze PO Box 9554
Allen, TX 75013

TransUnion (FVAD)
PO Box 2000
Chester, PA 19022

In addition, you can contact the Federal Trade Commission (“FTC”) for additional information to help reduce the risk of identity theft.  The FTC’s contact information is:

Federal Trade Commission
Consumer Response Center
600 Pennsylvania Ave NW
Washington, DC 20580
1-877-IDTHEFT (438-4338)

Please remain vigilant by regularly reviewing your credit reports and reviewing your accounts for suspicious activity.