LOS ANGELES (Sept. 29, 2010) --- The American Federation of Television and Radio Artists (AFTRA, AFL-CIO) today discovered and immediately notified members who joined the union through its online website portal, called Join Online, that computer hackers unlawfully accessed the join online system on Sept. 14, and that confidential information, including credit card and social security numbers, may have been stolen. AFTRA immediately shut down the join online website portal and notified the state and federal authorities, as well as the credit reporting bureaus.
The notice, which was sent to 2,811 members via email and regular mail, alerts member to the breach and advises members of what steps to take in order to protect their information. The breach only affects the Join Online portion of AFTRA’s website. AFTRA’s internal membership database, and the “members only” section of the website have not been affected. Unless an individual joined or attempted to join online with a credit card through the AFTRA website, their information is secure.
The full text of the member notice is below and it is posted on the homepage of AFTRA.com.
IMPORTANT NOTICE TO AFTRA MEMBERS REGARDING SECURITY BREACH AT AFTRA.COM “JOIN ONLINE”
Please be advised that on Sept. 29, AFTRA learned that computer hackers unlawfully accessed the Join Online portion of the AFTRA website at AFTRA.com. The hackers either stole or attempted to steal names, contact information, Social Security and credit card numbers from individuals who joined AFTRA online. Additionally, hackers may have stolen information from individuals who attempted to join AFTRA online between the dates of Sept. 14 and 29. AFTRA immediately notified the credit reporting agencies – Experian, Equifax and TransUnion – as well as federal and state law enforcement agencies, who are investigating the matter. AFTRA is also conducting its own internal investigation. To protect against further theft and/or breaches of security, AFTRA has disabled the Join Online website.
Please note that this breach only affects the Join Online portion of AFTRA’s website. AFTRA’s internal membership database, and the “members only” section of the website have not been affected. If you did not initially join AFTRA via the Join Online portion of the website, you are not affected by this breach of security.
Because your Social Security number was involved, we recommend that you place a fraud alert on your credit files. A fraud alert requires potential creditors to use what the law refers to as “reasonable policies and procedures” to verify your identity before issuing credit in your name. A fraud alert lasts for 90 days. Just call one of the three credit reporting agencies at a number below. This will let you automatically place an alert with all of the agencies. You will receive letters from all three, confirming the fraud alert and letting you know how to get a free copy of your credit report from each.
When you receive your credit reports, look them over carefully. Look for accounts you did not open. Look for inquiries from creditors that you did not initiate. And look for personal information, such as home address and Social Security number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.
If you do find suspicious activity on your credit reports, call your local police or sheriff ’s office and file a police report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records.
Even if you do not find any signs of fraud on your reports, we recommend that you check your credit reports periodically. You can keep the fraud alert in place by calling again after 90 days.
We believe that your credit card number may also have been stolen. To protect yourself from the possibility of identity theft, we recommend that you immediately contact the bank that issued the credit card that you used to join AFTRA and close that account. Tell them that your account may have been compromised, and ask that they report it as “closed at customer request.” If you want to open a new account, ask the bank to give you a PIN or password. This will help control access to the account.
For more information on identity theft, we suggest that you visit the web site of the California Office of Privacy Protection at www.privacy.ca.gov. Rest assured that we will continue to monitor developments in this matter, and will communicate with you as soon as we have additional information to share with you, or further assistance that we can offer to you.