NEW YORK – Select Express & Logistics has informed customers and employees of a data breach that took place between February and May this year.
On May 3, 2020, Select learned of suspicious activity in its IT systems.
Working with third-party forensic investigators, the company determined that an unknown actor encrypted certain systems using malware, and also used malware to acquire a small number of files from Select’s server.
In addition, the investigation showed someone had unauthorized access to a limited number of Select employee email accounts from February 7, 2020 to May 5, 2020. For some of these accounts, the investigation was unable to determine if any specific email or attachment was actually viewed.
The review, which was completed on July 8, 2020, found that personal and business information was present in the affected email accounts or the files that may have been acquired by the malware.
The company says sensitive information including name; Social Security number; driver’s license/state identification number; bank/financial account information; credit/debit card information; date of birth; medical information; health insurance information; passport number; employer tax identification number; biometric data; billing/claims information; and electronic signature may have been compromised.
In addition to reviewing its security measures, Select notified law enforcement and is offering credit and identity theft monitoring to its staff and customers.
More information for those potentially exposed can be found on the company’s website.
Select provides a variety of home delivery services, including set-up and assembly of products such as athletic equipment, furniture and appliances, as well as on-demand courier services, reverse logistics and warehousing in the U.S. and major Canadian cities. Based in New York City, the company has access to a network of more than 90 cross-dock facilities, and performs home deliveries for more than 6,000 stores.