EFS Advisors Data Breach Affecting Over 31,000 Includes Social Security Numbers

The February 2024 Data Breach at EFS Advisors

On February 22, 2024, EFS Advisors detected a data security incident where an unauthorized third party attempted to infiltrate the company's computer network. The breach was facilitated by a zero-day vulnerability in a software program used by an external IT provider, meaning the vulnerability was exploited before it could be patched by the software company. This incident led to potential unauthorized access to the company's systems and personal information of its clients, affecting at least 31,042 people.

Information Exposed

• Name
• Social Security number

EFS Advisors's Response

Upon detecting the breach, EFS Advisors acted swiftly to secure its network environment and initiated a thorough investigation with the assistance of independent IT security and forensic investigators. The investigation aimed to determine the scope and extent of the potential unauthorized access. In response to the incident, EFS Advisors has been working with cybersecurity experts to analyze and enhance its internal security architecture. Additionally, the company is offering affected clients access to Single Bureau Credit Monitoring services at no charge, provided by TransUnion, to help protect their information and assist in case of identity theft.

Steps to Take if You Are Affected

If you believe your information may have been compromised in this breach, it is crucial to act immediately to protect your identity:

1. Enroll in the provided credit monitoring services by visiting CyberScout Activation and using the unique code EBF9CF1AC08F. Enrollment must occur within 90 days from the date of the notification letter.
2. Regularly review your account statements and credit reports for any unauthorized activity. You can obtain a free credit report from each of the three major credit bureaus at Annual Credit Report.
3. Consider placing a fraud alert on your credit files, which makes it harder for identity thieves to open accounts in your name. Contact one of the three major credit bureaus to place a fraud alert:
1. Equifax Fraud Alert
2. TransUnion Fraud Alerts
3. Experian Fraud Center

1. If necessary, file a report with your local law enforcement or contact the Federal Trade Commission at IdentityTheft.gov.

For further details about the breach and EFS Advisors LLC's response, you can refer to the official disclosures on the Maine Attorney General's website and the Massachusetts Attorney General's website.

Remember, taking prompt action can significantly mitigate the risks associated with data breaches.