Notice of Security Incident
We regret to inform you that Patented Acquisition Corporation has been a successful target of a data incident. This incident impacts some of our current and former customers and employees. Impacted individuals will receive additional notice in the coming days via mail. We are working with leading digital forensics to confirm what information was compromised and the severity of the risk. We have already begun to take additional steps to provide further protection against future attacks by improving policies and practices. For any questions, please be made aware that you can call 937-353-2625 or email [email protected] to address any questions or issues. Delivery of exceptional, quality service remains our focus, and we sincerely apologize for any inconvenience caused.
What Happened
On May 7, 2024, Patented Acquisition Corporation first learned of a security incident that disrupted access to our information systems (the “Incident”). The disruption to Patented Acquisition Corporation information systems lasted from May 7, 2024 until access was restored on or about May 23, 2024. Upon discovery of the Incident, Patented Acquisition Corporation immediately engaged a trusted third-party forensics firm to assist in ending the disruption to our information systems and to understand the scope and impact of the Incident. Based on our investigation, we learned that the attack was made possible by an unauthorized individual through malicious software on our internal systems and that initial instances of unauthorized access began on May 2, 2024. We have worked with forensics to secure all systems, remediate risks, and bring our systems back online, while adopting additional technical and organizational tools to address potential system vulnerabilities. On May 29, 2024, we learned that, in addition to the disrupted access to our information systems, the Incident may have also resulted in the unauthorized access, viewing, or removal of personal information from our systems. Once aware of the Incident and its potential impact on personal information, we began analyzing the impacted files to better understand what personal information was potentially at risk, and provide notice to individuals and governmental authorities, as applicable.
What Information Was Involved
There is no conclusive evidence that the intruder has used or disclosed any of the accessed personal information. In an abundance of caution, Patented Acquisition Corporation is informing the public that the intruder may have accessed, viewed, or removed from its systems the following categories of personal information and protected health information: first and last name; mailing address; and information relating to location of healthcare treatment.
What We Did and What We Are Doing
Upon learning of the Incident, we immediately took protective measures to understand the Incident’s scope and to secure our systems and data. We engaged a third-party forensics firm to investigate the Incident, identify the root cause, and determine the scope of accessible information. We have carefully brought our systems back online, and we continue to closely monitor our network and information systems for unusual activity. Patented Acquisition Corporation is also cooperating with federal law enforcement as part of a large-scale investigation of the suspected threat actor. Additionally, we are continuing our due diligence efforts, including engaging as appropriate, additional resources and experts and evaluating the extent of risk to personal information. We will continue to implement the recommendations from our third-party forensics firm to further improve our administrative, technical, and physical safeguards.
What You Can Do
We sincerely regret any concern this causes you and any inconvenience resulting from this Incident. Although we have not received reports or indication of such activity, the risks related to unauthorized use of sensitive information, such as Social Security numbers or bank accounting numbers and routing numbers, may include identity theft, financial fraud, and tax fraud. We encourage you to remain vigilant in reviewing activity on all accounts in which you keep sensitive information, including your credit files. We will continue to keep you posted on any applicable updates. Please also take care and attention when submitting tax returns to protect against possible fraudulent submissions made on your behalf.
If you have concerns about identity theft, you can contact local law enforcement and file a police report. You can also contact your state’s Attorney General, as well as the Federal Trade Commission or one of the credit bureaus for more information about how to protect your identity.
For More Information
You can place an identity theft/fraud alert, get credit freeze information for your state, or order a free credit report by calling any of the following credit reporting agencies at one of the phone numbers listed below or visiting their respective websites.
Equifax PO Box 740241 Atlanta, GA 30374 800-525-6285 www.equifax.com |
Experian PO Box 4500 Allen, TX 75013 888-397-3742 www.experian.com |
TransUnion PO Box 2000 Chester, PA 19016 877-322-8228 www.transunion.com |
Steps You Can Take To Further Protect Your Information
Credit Reports. You can request credit reports be sent to you free of charge from all three credit bureaus. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Periodically checking your credit reports can help you spot problems and address them quickly.
Fraud Alerts. You can place a fraud alert with the credit bureaus free of charge. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Contact any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year. You can renew it after one year.
Security Freeze. Under state law, a security freeze (or a credit freeze) prohibits a credit bureau from releasing any information from a consumer’s credit report without written authorization. There is no fee associated with freezing or thawing your credit. The process of freezing your credit takes only a few minutes. You must contact each credit bureau individually to freeze your credit with each bureau. To place a security freeze, you may need to provide the following information:
- Your full name;
- Social Security number;
- Date of birth;
- Mobile number;
- Current postal address;
- Email address; and
- Any other information that the credit bureau may require.
The credit bureaus have one business day after your request to place a security freeze if made by telephone or secure electronic means. If the request is made by mail, the credit bureaus have three business days. The credit bureaus must also send written confirmation to you within five business days.
To lift the security freeze, in order to allow a specific entity or individual access to your credit report, you must apply online, call, or send a written request to the credit bureaus by mail. When you contact a credit bureau to lift the security freeze, you will need to include proper identification (name, address, and Social Security number) and the PIN number or password that was provided to you (if provided) when you placed the security freeze as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. If you request a credit thaw online or by phone, the credit bureaus are required by law to complete the request within one hour. If you request the thaw by regular mail, the credit bureaus have three business days after receiving your request to lift the security freeze for those identified entities or for the specified period of time.
Free Resources on Identity Theft. The Federal Trade Commission (FTC) provides more information about how to protect your identity at https://consumer.ftc.gov/identity-theft-and-online-security. For more information, please visit IdentityTheft.gov or call 1-877-ID-THEFT (877-438-4338). A copy of Identity Theft – A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft, can be found on the FTC’s website at:
https://www.bulkorder.ftc.gov/system/files/publications/501a_idt_a_recovery_plan_508.pdf.
You may also find additional information on any applicable rights under the Fair Credit Reporting Act. You can contact the FTC using the information below.
Federal Trade Commission – 1-202-326-2222
Bureau of Consumer Protection
600 Pennsylvania Avenue, NW
Washington, DC 20580
For North Carolina Residents: You may also contact the North Carolina Attorney General’s Office for more information about how to protect your identity by using the information below:
Attorney General Josh Stein |
For Oregon Residents: You can contact the Oregon Attorney General at:
Oregon Department of Justice |
Again, we sincerely regret that this Incident has occurred. If you have any questions, please contact us at:
Contact: Patented Acquisition Corporation
Email: [email protected]
Telephone: 937-353-2652
Address: 2490 Crosspointe Dr, Miamisburg, OH 45342