Metropolitan Companies is currently in the process of notifying individuals of a possible data breach, one which may have left their personal information open to a third party.
The attack was identified on April 21 when Metropolitan Companies noticed an unauthorised third party had accessed computer systems, stealing documents containing the data. The company has not yet confirmed what information has been stolen, but is required to notify potential victims.
Around 8,500 notification letters are currently being sent out by the company, explaining exactly what may have been exposed. The information included names, addresses, dates of birth, past education and certain financial information.
Steven Herfield, president and CEO of Metropolitan Companies, has explained that the and the company are not aware of any information misuse.
The company has since removed all access to systems, and brought in outside data forensics experts to carry out a comprehensive investigation. Additional security measures were also put in place, including increased firewall protections and new monitoring capabilities.
These should prove essential in ongoing vulnerability management, keeping unauthorised third parties out of important business systems.
To secure affected individuals, Metropolitan Companies has supplied a free year of credit monitoring services and identify theft protection. These should ensure security over the course of this year.