Performant Financial Corporation

"What Happened?By letter dated April 7, 2017, C&T informed Performant that after noticing unusual activity on its network, C&T had hired a specialist forensic information technology firm to investigate. As a result of that investigation it was determined that an unauthorized individual had accessed a C&T network drive between January 27, 2017, and February 2, 2017. C&T, however, could not determine whether any specific files were accessed.  The network drive, unfortunately, contained the Company’s 401K audit files for certain years.Upon receiving C&T’s notification of a potential data breach, Performant undertook its own investigation to determine what specific information may have been compromised.  Performant attempted multiple times to obtain specific answers and definitive records from C&T to accurately determine whose information may have been compromised. Performant also attempted to gain details regarding C&Ts incident notification procedure, including information about C&T’s notification to employees of its client’s employees, such as Performant’s employees participating in the Company’s 401K plan.  On June 27, 2017, C&T, for the first time, provided Performant with access to the Company’s specific files stored on the C&T network drive that was compromised.  After receiving the files, Performant engaged in a detailed review to determine what, if any, personal information of its current or former employees was potentially compromised. The review revealed that your information may have been compromised by the incident at C&T.   What Information Was Involved? Although C&T cannot determine whether or not Performant’s files were accessed by the unauthorized individual, the security incident may have involved your first name, last name, date of birth, and Social Security number, as a result of your participation in the Company’s 401K plan in the years of 2010, 2011, and/or 2015.   Please note that the data files related to this incident did not include other information about the 401K plan or information about your personal 401K, such as account access information or account balances."