FLINT, Mich., Jan. 17, 2024 /PRNewswire/ — TGI Direct, Inc. (“TGI” or “We”) provides printing and mailing services to a variety of organizations nationwide, including health plans. Today, we provided notice of a recent data event that may impact the privacy of certain individuals’ personal information and/or protected health information.
What Happened. TGI uses a managed file transfer tool known as MOVEit. We use the MOVEit file transfer tool to help us manage data we collect and store on behalf of our customers. Progress Software, the creators of MOVEit, recently shared that the tool had vulnerabilities unknown to them that may allow an unauthorized actor to access data inside the tool. An unauthorized actor did exploit MOVEit’s vulnerabilities and accessed data without permission for many companies, including TGI.
On May 28, 2023, TGI observed unusual activity within the MOVEit file transfer tool’s server. After securing our environment to limit any harm from that unusual activity, we started investigating what occurred. To help with that investigation, we brought in third-party cybersecurity specialists. The investigation determined that, for less than four hours on May 28, 2023, an unauthorized actor accessed or acquired some data stored in the server.
What Information Was Affected. The information included in the affected files varied by individual, and contained individuals’ names, insurance information, and medical information. No Social Security numbers or financial information was involved, and we have no evidence that any of the information was used for identity theft or fraud.
What We are Doing. We take this incident and the obligation to safeguard the information in our care very seriously. After discovering the incident, we worked to confirm our system’s security and brought in specialists to help us investigate what happened. Progress Software created patches designed to fix MOVEit’s vulnerabilities, and we promptly applied the patches.
What Affected Individuals Can Do. TGI is notifying affected individuals whose data was impacted by the incident. We encourage you to review your account statements and monitor your free credit reports over the next 12 to 24 months to look for identity theft and fraud, suspicious activity, or errors.
For More Information. If you have additional questions, you may contact our dedicated assistance line toll-free at 833-918-4512. This toll-free line is available Monday through Friday from 6 am – 6 pm Pacific (excluding major U.S. holidays). You may also write to TGI Direct, Inc. at Attn: IT Department, 5365 Hill 23 Drive, Flint, Michigan 48507.
Media Contact: Maria Haight ([email protected]) 810.237.5223
SOURCE TGI Direct, Inc.