Easterseals Data Breach Exposes Personally Identifiable Information

On April 1, 2024, the Easterseals Rehabilitation Center of Central Illinois experienced a significant data breach that disrupted their network systems. This incident was promptly addressed by disconnecting network access and engaging a specialized third-party cybersecurity firm to conduct a comprehensive forensic investigation.

The breach potentially exposed sensitive personal information of individuals, which included first and last names, dates of birth, Social Security Numbers, and medical records. The investigation concluded on October 7, 2024, when Easterseals finalized the list of individuals affected by this breach.

In response to the breach, Easterseals has taken several measures to enhance the security of its systems. They have deployed industry-leading endpoint security software, transitioned to cloud-based servers, and implemented credential hardening practices, including multi-factor authentication.

Additionally, Easterseals is offering affected individuals access to credit monitoring services for 24 months at no charge. These services are provided by Cyberscout, a TransUnion company, specializing in fraud assistance and remediation.

Steps for Affected Individuals

If you believe you have been affected by this data breach, it is crucial to remain vigilant. Here are some recommended steps:

1. Enroll in Credit Monitoring: Take advantage of the free credit monitoring services offered by Easterseals. This will alert you to any changes in your credit file.
2. Monitor Financial Accounts: Regularly review your bank and credit card statements for any unauthorized transactions.
3. Check Credit Reports: Obtain a free copy of your credit report from AnnualCreditReport.com and review it for inaccuracies.
4. Consider a Fraud Alert: Place a fraud alert on your credit file by contacting one of the three national credit reporting agencies.
5. Implement a Credit Freeze: This can prevent new credit accounts from being opened in your name without your consent.

For further details on the data breach and the measures being taken, you can access the full notice to consumers on the Massachusetts Attorney General's website.