Notice to Our Employees of Data Security Incident
Griffith Energy Services, Inc. (“Griffith”) is committed to protecting the privacy of our employees’ information. We are currently in the process of notifying current and former employees, as well as certain beneficiaries and dependents of those employees, of an incident that involved some of their information. This notice describes the incident, measures we have taken, and some steps that our employees may consider taking in response.
We identified a security incident that resulted in the encryption of certain systems within the Griffith environment. We immediately began to investigate, an outside cybersecurity firm was engaged, law enforcement was contacted, and steps were taken to address the incident and restore operations. Based on our investigation, we determined that an unauthorized person obtained access to the Griffith systems between March 27, 2021 and July 17, 2021, and accessed a limited amount of information that is maintained on the Griffith systems. After further investigation, on July 28, 2021, we discovered that the information that was accessed by the unauthorized person may have included documents relating to Griffith’s group health plan. We immediately began a comprehensive review of all documents involved. Our review of these documents is ongoing, but we anticipate that the documents may contain one or more of the following: plan member names, addresses, dates of birth, Social Security numbers, and certain health insurance information such as member identification numbers and benefits selection information.
Once our review is complete, we will mail letters to all current and former employees, as well as certain beneficiaries and dependents of those employees, whose information is identified in the documents involved. We have also established a dedicated, toll-free call center to answer employee questions. If you have questions, please call 1-855-551-1668, Monday through Friday, from 9:00 a.m. to 6:30 p.m. Eastern Time. At this time, we recommend that all current and former employees, and the beneficiaries and dependents of those employees, remain vigilant for signs of unauthorized activity by reviewing any statements that they receive relating to their health insurance. If you identify any charges or activity that you did not authorize, please contact us immediately.
Griffith sincerely regrets that this incident occurred and apologizes for any inconvenience this may have caused. To help prevent something like this from happening again, and to further protect health plan data, we took steps to enhance our existing network security protocols and enabled technical protections and monitoring tools on our systems.