Unauthorized Data Access
On December 23, 2020, Solairus was notified by a third-party vendor of an unauthorized intrusion into the vendor’s Microsoft Azure cloud hosting platform that is used to host our flight scheduling and tracking system. We immediately began working with the vendor, our in-house technical team, and our outside legal counsel to determine what happened, the scope of data that was potentially accessed, and what steps can be taken to further safeguard the vendor’s systems and better protect our client data. The investigation determined that an unauthorized third party accessed some of our data in the vendor’s cloud storage.
We completed a review of the files in the impacted cloud storage and determined that the documents contained certain information relating to some of our clients and employees, including their names and one or more of the following data elements: Social Security numbers, passport numbers, driver’s license numbers, dates of birth, and/or financial account numbers.
Upon being notified of the unauthorized access, we worked with our vendor to ensure that they made changes to their system to prevent the unauthorized party from further accessing their systems. To help prevent something like this from happening in the future, our vendor has taken steps to enhance their existing security program including implementing multiple layers of protective measures, ensuring that they follow best practices in the security of data storage, and are re-educating staff in proper handling of sensitive data.
While we have no indication that any of our clients’ or employees’ information has been misused, we wanted to notify everyone potentially involved of this incident and remind everyone that it is always advisable to remain vigilant for signs of unauthorized activity by reviewing your financial account statements. If you see charges or activity you did not authorize, we suggest that you contact the provider immediately.
In an abundance of caution, we are offering a complimentary membership in Equifax ID Patrol® to anyone whose Social Security number or driver’s license number was involved in the incident. This product provides enrollees with detection and resolution of identity theft. ID Patrol is completely free to members and enrolling in this program will not hurt members’ credit scores. You may also call the toll-free number of any of the three major credit bureaus to place a fraud alert on your credit report and/or order your free credit report: Experian: 1-888-397- 3742; P.O. Box 9532, Allen, TX 75013; Equifax: 1-800-525-6285; P.O. Box 740241, Atlanta, GA 30374-0241; TransUnion: 1-800-680-7289; P.O. Box 6790, Fullerton, CA 92834-6790. Additional resources regarding identity theft protection may be found at the FTC identity theft website, IdentityTheft.gov, which includes information regarding identity theft recovery steps and how to file an identity theft complaint if you discover your information has been compromised.
For more information regarding this incident, including whether you are eligible for a free one-year membership in ID Patrol and instructions on how to activate your membership, as well as some additional steps you can take in response, please call 1-855-515-1652 Monday through Friday, from 8:00 a.m. to 5:30 p.m. Central Time.
We regret the inconvenience or concern this incident may cause you. Every member of the Solairus community is important to us, and we want to assure you that we value your security and privacy. We know you place your trust in us, and we will never take that trust for granted.