About the data privacy event
On August 6, 2020, Body by Ravi Plastic Surgery & Aesthetics (“BBR”) became aware of suspicious activity on its computer network. BBR, with the assistance of third-party computer forensic specialists, took immediate steps to investigate the nature and scope of the incident. BBR is issuing this statement to provide additional details regarding what is known about the incident and the further steps it will be taking in response.
Frequently Asked Questions
What Happened? On August 6, 2020, BBR became aware of suspicious activity on its computer network. BBR immediately launched an investigation, with the assistance of third-party computer forensic specialists, and determined that its network had been infected with malware which prevented access to certain files on the system. The investigation determined that the malware was introduced into the system by an unauthorized actor who also accessed and acquired certain files within BBR’s system. The potential unauthorized access occurred between July 27, 2020, and August 6, 2020. BBR then began a lengthy and labor-intensive process to identify sensitive information that may have been contained within impacted files, and to identify the individuals whose information may have been impacted. That review completed on September 24, 2020.
What Information Was Involved? The information contained within the files at issue varied by individual, but contained name, address, phone number, date of birth, driver’s license number, payment card information, medical information, treatment information, diagnosis information, medication details, Social Security Number, health insurance information, and photographs. We have no evidence any information was subject to actual or attempted misuse.
What is BBR Doing? BBR takes this incident and the security of personal information seriously. Upon discovery, BBR immediately launched an investigation and took steps to secure its systems and investigate activity. BBR worked diligently to investigate and respond to this incident and to identify and notify potentially impacted individuals. BBR is also reviewing and enhancing existing policies, procedures, and processes related to storage of and access to personal information. BBR is also reporting this incident to relevant state and federal regulators as required. BBR is notifying potentially impacted individuals so that they may take further steps to best protect their information, should they feel it is appropriate to do so. BBR is also providing credit monitoring for potentially affected individuals.
What Can Affected Individuals Do? While BBR has no evidence that any personal information was subject to actual or attempted misuse, it encourages anyone who thinks their information may have been impacted to monitor financial accounts and notify their bank immediately if they detect unauthorized or unusual activity. You can also review the below Steps You Can Take to Help Protect Your Information.
For more information. We understand some people may have additional questions concerning this incident. Individuals can direct questions to 1-833-752-0852, 8am to 8pm Central Time. Those individuals who believe they are impacted may also contact this number to enroll in the complimentary credit monitoring services.
BBR apologizes for any inconvenience this may cause and remains committed to the privacy and security of all information it maintains.
BBR encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor credit reports for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
Individuals have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:
PO Box 9554
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
PO Box 105788
Atlanta, GA 30348
- Full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
- If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.
As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below:
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
P.O. Box 105069
Atlanta, GA 30348