Fort Worth, Texas – November 15, 2024 – ESHA, Inc (“ESHA”) announced today that is has taken action after learning of a data security incident, which may have compromised the personal information of certain individuals with information, maintained on its systems. ESHA began providing notice to all potentially impacted individuals on November 15, 2024.
On July 19, 2024, ESHA became aware of a data security incident that impacted its server infrastructure and took its systems offline. ESHA immediately undertook efforts to restore its servers and undertook additional affirmative steps to safeguard the security of data maintained on its systems. ESHA also simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose information may have been compromised.
The forensic investigation determined that access to ESHA’s systems occurred on approximately July 13, 2024 through July 17, 2024. The investigation also identified certain files that may have been accessed or acquired in connection with the incident. In continuing its thorough investigation, ESHA undertook a comprehensive manual review process to review these files and identify the specific individuals with person information contained therein. This comprehensive manual review process concluded on or about September 16, 2024.
As stated above, following the data security incident, ESHA immediately undertook all efforts to restore its servers, and also undertook additional affirmative steps to safeguard the security of data maintained on its systems. ESHA retained a forensic investigation firm to thoroughly investigate the incident and providing notification to all individuals whose personal information may have been accessed and/or acquired in connection with the incident in an abundance of caution. ESHA has obtained confirmation to the best of its ability that the information is no longer in possession of the third party(ies) associated with this incident, and it is entirely possible that any specific personal information was not compromised as a result of the incident. Nonetheless, ESHA has also offered to the impacted individuals access to complimentary credit monitoring. Please be advised that we are continuing to work closely with leading security experts to identify and implement measures to further strengthen the security of ESHA’s systems to help prevent this from happening in the future.
ESHA began mailing notification letters on November 15, 2024 to all individuals whose personal information may have been accessed and/or acquired in connection with the incident. We anticipate that it will take five days for individuals to receive this letter. If an individual does not receive a letter, but would like to know if he or she was potentially affected by this incident, or if an individual has any questions or would like additional information, they may call ESHA’s dedicated assistance line at 888-458-5630 between the hours of 9:00am to 9:00pm EST, Monday through Friday.