They notified me via email:
We are reaching out to let you know that Reputation.com recently identified, interrupted and swiftly shut down an external attack on our secure network. Our network security personnel detected this breach shortly after it began, and took immediate steps to stop the attack before it could be completed.
At Reputation.com, transparency and openness are part of our culture. That’s why, although the extent of the breach and the limited kind of information accessed during this attack did not legally obligate us to provide notice to our users, we nevertheless felt it was important to let you know that this event occurred.
It appears that of all the locations in the world where our affected users reside, only the jurisdiction of North Dakota requires us to disclose information about this incident to its residents. However, out of an abundance of caution and due to our strong interest in transparency, we are notifying affected users, regardless of location.
Following the attack, our engineering and security team immediately conducted an exhaustive investigation, working closely with independent security experts to determine what information may have been accessed. We are also implementing additional security measures, beyond the high level of security that is already in place, to ensure your continued protection.
To give you some assurance, we want to be clear what was NOT accessed:
- Financial information, such as credit card numbers or bank account information – which we do not store on our systems
- Social Security Numbers and drivers license numbers, which we do not ask for or require our users to provide (so you likely did not volunteer this information)
- Your account details, including why you retained our services
- Communication between you and our team
- Any details about the services we provided to you
The personal information that was accessed included:
- Email and physical addresses
- In some instances, phone numbers, dates of birth, and occupational information
Additionally, a list of highly encrypted (“salted” and “hashed”) user passwords for a small minority of our users was accessed. Although it was highly unlikely that these passwords could ever be decrypted, we immediately changed the password of every user to prevent any possible unauthorized account access.
Based on the type of information accessed, we do not believe it’s likely that you will experience any future issues as a result of this incident. However, out of an abundance of caution, we are offering free credit monitoring for a year to those affected clients who request it within the next 30 days.
Security and your privacy remain our absolute first priority. Please do not reply to this email. We have established a confidential assistance line... blah blah blah
No great damage, I reckon...