Notice of Data Security Incident

11/1/23 – Tangoe US, Inc. (“Tangoe”) is announcing a recent data security incident that may involve personal information of certain current and former employees and their dependents. To date, we are not aware of any misuse of personal information as a result of this incident. Nevertheless, Tangoe is providing notice of this incident to potentially impacted individuals out of an abundance of caution.

What Happened? On November 17, 2022, Tangoe identified suspicious activity related to certain computer systems within our environment. We took steps to secure the environment and launched an investigation to determine the nature and scope of the incident. The investigation determined that certain computer systems were subject to unauthorized access between November 15, 2022 and November 17, 2022, and that certain files were potentially accessed and/or acquired by an unknown third party without authorization.

What Information was Involved? As a result, Tangoe began a diligent and comprehensive review of relevant systems to determine the information that may have been impacted and to identify to whom it belonged. On July 27, 2023, we determined that certain documents containing personal information and/or protected health information related to some current and former employees and/or their dependents were stored on the impacted systems. We commenced a closer review of these documents, and on September 19, 2023, we determined that the impacted systems may contain the following types of personal information and/or protected health information: name, Social Security number, medical treatment/diagnosis information, health insurance subscriber number, health insurance group number, other health insurance information, prescription / medication information, medical billing/claims information, date of birth, or financial account information. The information identified for each individual varies.

What is Tangoe Doing? We take this incident and the security of personal information in our care seriously. Upon learning of this incident, we moved quickly to investigate and respond to this incident, notify law enforcement, assess the security of relevant systems, and notify potentially affected individuals. Our response included, reviewing the contents of the potentially accessible systems to determine whether they contained personal information and reviewing internal systems to identify contact information for purposes of providing notice to potentially affected individuals. As part of our ongoing commitment to the privacy of information in our care, we are working to implement additional security measures to further protect against similar incidents in the future. We also notified the United States Department of Health and Human Services and state regulators, as required.

For More Information. Tangoe has established a dedicated call center for individuals to contact with questions or concerns. If you have any questions regarding this incident, please contact us at 855-896-4446, Monday through Friday from 8:00 a.m. to 10:00 p.m. Central, or Saturday and Sunday from 10:00 a.m. to 7:00 p.m. Central, excluding U.S. holidays. We sincerely apologize that this incident occurred and remain committed to safeguarding the privacy and security of information we collect.

What are general steps I can take to help protect my information?

Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Consumers may also directly contact the three major credit reporting bureaus listed below to request a free copy of their credit report.

Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If consumers are the victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should consumers wish to place a fraud alert, please contact any of the three major credit reporting bureaus listed below.

As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in a consumer’s name without consent. However, consumers should be aware that using a credit freeze to take control over who gets access to the personal and financial information in their credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application they make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, consumers cannot be charged to place or lift a credit freeze on their credit report. To request a credit freeze, individuals may need to provide some or all of the following information:

1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
2. Social Security number;
3. Date of birth;
4. Addresses for the prior two to five years;
5. Proof of current address, such as a current utility bill or telephone bill;
6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.); and
7. A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if they are a victim of identity theft.

Should consumers wish to place a credit freeze or fraud alert, please contact the three major credit reporting bureaus listed below: