Skanska Data Breach

Notification of Skanska Data Breach

On February 21, 2024, Skanska USA Inc, a prominent player in the construction industry, fell victim to a cybersecurity incident. A threat actor successfully infiltrated a user's Office 365 account through a phishing attack. The security breach was detected on March 6, 2024, by Skanska's security operations center, which promptly disabled the compromised account and initiated a thorough investigation.

The exposed information includes sensitive personal details such as individuals' first and last names, account numbers, routing numbers, and billing addresses, obtained from photocopies of personal checks written to Skanska. These details are critical as they could potentially be used for fraudulent activities.

What Skanska Is Doing

In response to this incident, Skanska has taken decisive steps to secure its digital environment. The threat actor has been removed, and continuous monitoring has been established to prevent future breaches. The company is reinforcing its commitment to data protection by mandating refresher training for its personnel to better identify and report phishing activities. Additionally, Skanska is reviewing its internal practices to further strengthen its security measures.

Services Offered to Affected Individuals

Skanska has arranged for credit and identity monitoring services at no cost to the affected parties, utilizing the three main credit bureaus. Current employees will be contacted via their company email with instructions on how to enroll in this service. Those who are not current employees can request the service by sending an email to benefits@skanska.com with the subject line "2/21/24 Data Breach."

Steps You Can Take

If you believe your information has been compromised, it is crucial to stay vigilant. Review your account statements and monitor your credit reports for any unauthorized activity. You have the option to report any suspected identity theft to law enforcement, including the Attorney General and the Federal Trade Commission. Additionally, you may contact the appropriate financial institution in the event of fraudulent account activity. It is also advisable to place fraud alerts with one of the three major credit bureaus.

• Equifax Fraud Alert: Call 1-888-378-4329 or visit their website.
• Experian Fraud Alert: Call 1-888-397-3742 or visit their website.
• TransUnion Fraud Alert: Call 1-800-916-8800 or visit their website.

For more detailed information and guidance on protecting yourself from identity theft, you can visit the Federal Trade Commission's website.

Contact Information for Further Assistance

If you need more information or assistance regarding this data breach, Skanska has provided an email address and a hotline for inquiries:

• Email: DPM_PII_USA@skanska.com
• Hotline: (877) 516-3385

For further details on Skanska and their commitment to privacy and security, please visit their official website.

By taking the steps outlined above and remaining cautious, you can help safeguard your personal information from potential misuse. Remember, it's essential to act promptly to minimize any risks associated with this data breach.