Data Security Q & A
Date: October 22, 2022
Multi-Color Corporation (MCC)
Cybersecurity Incident and Credit Monitoring Services
Frequently Asked Questions (FAQs)
Note to Current MCC Employees. If you are an MCC employee as of the date of this notice, and your sensitive personal information was impacted by this cybersecurity incident, then you will receive a separate notice (e.g., mail, email) that describes this incident and your ability to enroll in our complimentary credit monitoring and identity theft protection services. If you do not receive such a separate notice, then we do not have any reason to believe that your sensitive personal information was compromised by this incident.
- What happened?
- On September 29, 2022, MCC determined that an outside individual gained unauthorized access to the company’s information networks and systems.
- We were able to quickly identify this issue because of the substantial security controls that we had previously implemented and maintained.
- We identified that this intrusion was a ransomware attack, and our internal IT team immediately isolated the malicious activity within hours and engaged independent security experts to conduct a thorough forensic investigation.
- Based on the measures that we have implemented and the actions we have taken, there is no indication that any personal information subject to this cybersecurity incident has been misused or will be misused in the future.
- What kind of information was accessed?
- The security attack that impacted MCC on September 29, 2022, was a “ransomware attack,” which means that an outside individual gained unauthorized access to the company’s information technology networks and systems and sought to encrypt files with the goal of making us pay a “ransom” to obtain a decryption key.
- As part of our investigation, we discovered that the threat actor accessed MCC files and records in our custody and control, including our general corporate and business-to-business information related to our customers (e.g., invoices) and personnel/HR records concerning our employees.
- What type of personal data was compromised? Was it sensitive?
- Although we are still in the process of reviewing each file and record that was compromised, we believe that the threat actor had access to sensitive personal information within our personnel/HR records.
- The sensitive personal information included social security numbers, driver’s license numbers, passport numbers, and similar identifiers; healthcare and health insurance-related data; and certain tax withholding and similar financial data.
- There is evidence that personal information, such as social security numbers, related to MCC employee spouses, partners, and dependents was also compromised. Please note that we are extending our credit monitoring and identity theft protection services to these family members and beneficiaries.
- Based on the measures that we have implemented and the actions we have taken, there is no indication that any personal information subject to this cybersecurity incident has been misused or will be misused in the future.
- Why does MCC maintain information on my spouse, partner, and children?
- As part of our internal healthcare, wellness, and financial programs, our employees may elect to enroll their family members into these programs or otherwise identify them as beneficiaries in these programs. In such circumstances, we need to collect and retain personal information on these beneficiaries to administer such programs.
- Is MCC offering credit monitoring services? How do I enroll?
- MCC will provide current and former employees who were impacted by this cybersecurity incident with complimentary credit monitoring and identity theft protection services for 24 months offered through Equifax.
- MCC will also provide complimentary identity theft monitoring services for 24 months offered through Equifax to dependents and beneficiaries of current and former employees who were impacted by this cybersecurity incident.
- To enroll in this service, go to www.equifax.com/activate and enter the unique Activation Code that was contained in the notice we sent you (or which you can obtain by calling the number below); then click “Submit” and follow the four simple steps provided through Equifax’s website.
- We have a dedicated call center to answer questions you may have:
- For United States residents: contact 888-291-2363, available Monday – Friday, 9:00 am to 9:00 pm EST.
- For non-United States residents: contact +44(0)330 053 3818, available 24/7.
- Did MCC report this incident to law enforcement? Will the threat actors be caught?
- It is a violation of several domestic and foreign laws to undertake a ransomware attack, and MCC, and our employees, are the victims of a serious crime.
- For the well-being of the company and the safety and security of our employees, we voluntarily notified the Federal Bureau of Investigation of this cyberattack.
- What about customers and suppliers of MCC?
- In almost all circumstances, MCC does not retain sensitive personal information on our customers or suppliers, and therefore there is no evidence at this juncture that such sensitive personal information was compromised in this incident.
- If you are a customer or supplier of MCC, and you believe MCC retains sensitive personal information about you, please contact us immediately.
- How did MCC discover the incident?
- MCC had established a comprehensive information security program prior to this incident and our IT team identified unusual activity occurring within our information networks and systems.
- When did this incident occur?
- MCC identified a ransomware attack on September 29, 2022, and we immediately deployed security measures to contain and mitigate the threat and retained an industry-leading digital forensic and incident response team to accelerate our mitigation efforts.
- Because of the substantial security controls that MCC implemented prior to the cybersecurity incident, we were able to contain the threat within a few hours and became fully operational by October 2, 2022.
- How can MCC be sure this type of cyberattack will not happen again?
- MCC implements and maintains a comprehensive information security program, which is one of the reasons we were able to identify this cyberattack and respond to it quickly.
- Unfortunately, cyberattacks are well-resourced and oftentimes are supported or directed by foreign governments.
- Although no information security system is 100% secure, we have implemented a broad range of technical, physical, and administrative security controls to safeguard our IT environment, and will constantly evaluate the sufficiency of these controls against industry standards and reasonably foreseeable threats.
- Are there any additional steps that I can take to protect myself against fraud and identity theft?
- Yes, there are several steps that you can undertake to better protect yourself and your personal information more generally, including those listed in sections 12-16 below.
- Remain vigilant and regularly review your credit card bills, bank statements, and credit reports for any unauthorized activity.
- Promptly report incidents of suspected identity theft or fraud to your local law enforcement agency, your regulatory and supervisory authorities, your financial institution, and consumer reporting agencies.
- Change your passwords regularly, and refrain from using easily guessed passwords and re-using the same passwords for multiple accounts.
- Be vigilant against third parties attempting to gather information by deception (commonly known as “phishing”), including through links to fake websites.
- Consider replacing your passport or driver’s licence if you are particularly concerned about those documents having been compromised.
- Consider requesting a copy of your credit report or even a temporary credit ban from one of the credit reporting bodies.
**Further information for United States and Australian residents**
- (For United States Residents) How can I obtain a free copy of my credit report?
- You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies.
- To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228.
- (For United States Residents) How can I contact credit reporting companies?
- Contact information for the three nationwide credit reporting companies is as follows:
- Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111.
- Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742.
- TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800.
- If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission at: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft.
- (For Australian Residents) How can I obtain a free copy of my credit report?
- You may obtain a copy of your credit report, free of charge, once every 3 months from each of these credit reporting bodies:
- Equifax, phone 138 332
- Experian, phone 1300 783 684
- illion, phone 1300 734 806
- (For Australian Residents) How can I cancel my passport or driver’s licence?
- In relation to your passport, you can contact the Department of Foreign Affairs and Trade about cancelling it (131 232; www.passports.gov.au).
- In relation to your driver’s licence, you can contact the Road Authority that issued your licence about cancelling it:
- NEW SOUTH WALES (132 213; www.rms.nsw.gov.au)
- VICTORIA (131 171; www.vicroads.vic.gov.au)
- QUEENSLAND (132 380; www.tmr.qld.gov.au)
- WESTERN AUSTRALIA (131 156; www.transport.wa.gov.au)
- SOUTH AUSTRALIA (131 084; www.transport.sa.gov.au)
- TASMANIA (1300 851 225; www.transport.tas.gov.au)
- AUSTRALIAN CAPITAL TERRITORY (132 281; www.rego.act.gov.au)
- NORTHERN TERRITORY (1300 654 628; www.nt.gov.au/transport)
- If you wish to investigate further options, you can also visit www.cyber.gov.au for more advice, or contact IDCare for personalised support (https://www.idcare.org/contact-us).