UniversalPegasus Data Breach Affects 17,521 Americans

On June 14, 2023, UniversalPegasus International, a prominent player in the oil and energy sector, discovered a significant data breach. The incident occurred over two consecutive days, June 13 and June 14, 2023, and affected a total of 17,521 individuals across the United States.

Notably, 6,113 of those affected were from Texas, and 17 were from Maine.

The breach involved unauthorized access to sensitive consumer information, including Social Security numbers, driver's license numbers, government-issued ID numbers (such as passports or state ID cards), financial information (such as account numbers and credit or debit card numbers), health insurance information, and names.

UniversalPegasus International detected this breach as a sophisticated network security incident. Upon discovery, the company took immediate action to contain the incident and launched a thorough investigation with the help of third-party cybersecurity experts. These professionals were engaged to assess the scope of the breach and determine whether any personal information had been accessed or acquired by unauthorized individuals.

Following a detailed forensic investigation, it was confirmed that a limited number of files were accessed and acquired by an unauthorized party. This breach highlights the critical importance of robust cybersecurity measures, especially given the sensitive nature of the data involved.

UniversalPegasus International's Response

In response to the breach, UniversalPegasus International acted swiftly to mitigate any potential damage. They engaged third-party cybersecurity experts to conduct a comprehensive investigation and took steps to secure their systems. The company also conducted an extensive manual review of the affected data.

On November 27, 2024, UniversalPegasus International began notifying affected individuals through written communication. They offered identity theft protection services through IDX, A ZeroFox Company, which includes credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.

For more information, affected individuals can refer to the Maine Attorney General's disclosure, the Texas Attorney General's disclosure, and the California Attorney General's disclosure.

Steps for Affected Individuals

If you have been affected by this data breach, it is crucial to take immediate action to protect your personal information. Here are some recommended steps:

1. Enroll in Credit Monitoring: Take advantage of the complimentary identity protection services offered by UniversalPegasus International through IDX. Enroll before the deadline of February 27, 2025, to ensure your information is monitored.
2. Place a Fraud Alert: Contact one of the three major credit bureaus—Equifax, Experian, or TransUnion—to place a fraud alert on your credit files. This will prompt creditors to verify your identity before opening new accounts.
3. Consider a Security Freeze: For added protection, consider placing a security freeze on your credit file. This will prevent credit reporting agencies from releasing your information without your consent.
4. Review Financial Statements: Regularly check your bank and credit card statements for any unauthorized transactions. Promptly report any suspicious activity to your financial institution.
5. Obtain a Free Credit Report: You are entitled to a free credit report annually from each of the major credit reporting agencies. Review these reports for any discrepancies or unauthorized accounts.
6. Stay Vigilant: Continuously monitor your credit reports and financial accounts for unusual activity. If you suspect identity theft, file a report with your local law enforcement and the Federal Trade Commission.