Data Security Notice
The H-E-B Center at Cedar Park and ASM Global value the relationships that we have with our fans and our employees, and we treat the security and privacy of their information with the utmost care. With this in mind, we are providing notice to these groups of a security breach that occurred on or around January 11, 2021, that impacted H-E-B Center IT systems and likely involved the personal information of some or all of these groups.
WHAT HAPPENED
On January 11, 2021, a third-party service provider that performs IT and other related services for H-E-B Center discovered that its systems had been attacked by sophisticated malware. An investigation was begun, and it determined that the attacker had gained access to a variety of H-E-B Center IT systems, encrypted their contents, and exfiltrated this data to the attacker’s own systems. Included among the encrypted systems was a majority of the server data backups.
WHAT INFORMATION WAS INVOLVED
The data on the affected systems remains encrypted and inaccessible, rendering it impossible to determine the specific individuals whose data was compromised, and the exact scope of that data. However, the business systems running on each affected server are known, and these systems contained confidential and personal information of current and former H-E-B Center employees, such as their name, address, contact information, date of birth, and in some cases social security numbers. These systems also contained names and contact information of our fans, including our ticketholders, but did not contain any payment card information. These systems did not contain any protected health information.
WHAT ARE WE DOING
Promptly following the alert that an IT incursion was underway, we limited external access to all IT systems and engaged outside experts to investigate the incident and attempt remediation efforts. We also notified law enforcement via the FBI’s internet crime unit. There has been no further unauthorized access following the enactment of these measures.
WHAT YOU CAN DO
We advise all potentially affected individuals to remain vigilant and to check their account transaction histories and credit reports regularly, and to further review the potential actions outlined below.
STEPS YOU CAN TAKE TO PROTECT YOUR INFORMATION
We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
You can place a “fraud alert” on your credit report to put creditors on notice that you may be, or have been, a victim of fraud. The length of this alert depends on certain factors relating to whether you have been a prior victim. You can place a fraud alert on your credit report by contacting any of the three national credit reporting agencies.
You also have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without having access to a PIN specified by you. A security freeze is designed to prevent credit grantors from accessing your credit report without your consent. However, you should be aware that using a security freeze may delay or prohibit the timely approval of any credit applications you may make. To place a security freeze, you must contact each credit reporting agency directly:
CREDIT BUREAUS
Equifax
P.O. Box 105069
Atlanta, GA 30348
1-800-525-6285
www.equifax.com
Experian
P.O. Box 9701
Allen, TX 75013
1-888-397-3742
www.experian.com
TransUnion
P.O. Box 2000
Chester, PA 19016
1-800-680-7289
www.transunion.com
Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC or from your respective state Attorney General about steps you can take toward preventing identity theft. You are encouraged to report suspected identity theft to the FTC. You may also report suspected identity theft to local law enforcement, including the Attorney General in your state.
Federal Trade Commission
600 Pennsylvania Ave, NW
Washington, DC 20580
www.ftc.gov/idtheft
1-877-438-4338