As noted in prior communications, we reported unauthorized access to our systems in March of 2019, in which data belonging to a relatively small number of our clients was impacted. The purpose of this document is to provide an update to the prior April communications, in Q&A format, regarding the completion of our remediation efforts and the implementation of our information security action plan. Since March, we have been working with a leading cybersecurity firm on our investigation and for advice on our remediation and security enhancement plan. We have made excellent progress and have now fully implemented all critical elements of our plan, including, but not limited to:
- Full remediation of the March 2019 incident
- Cooperated with U.S. Federal authorities’ investigation into the incident and established an ongoing relationship to better understand the ever-changing nature of cybersecurity-related threats
- Additional visibility into our network and environment
- Additional monitoring of our environment
- Active threat hunting in our environment
- Reduced our footprint of externally facing technology
- Enhanced protection for externally facing web applications
- Added Multi-Factor Authentication to ingress points
- Added denial of service attack protection
- Increased network segmentation

We are pleased with our progress and feel strongly that, as a result of these efforts, CRL is more secure than ever in terms of protecting our clients’ data. We will continue to add new security features as part of our ongoing information security operations in order to do our best to stay ahead of and enhance our response to any future threats.
This document, in Q&A format, provides updated information on our current status versus the original Q&A from April 30, 2019 (attached at the end of the document for reference). We appreciate that some clients may still have additional questions. We are happy to set up calls to answer those questions as needed. Please reach out to Holly Faria at [email protected] to schedule.