It's like a spa for your cah. Best of Boston

Data Security

MAY 9, 2017

 

Notice of Data Security Incident

ALLSTON CAR WASH

434 CAMBRIDGE STREET, ALLSTON, MA 02134

 

General Overview of the Data Incident

 

Allston Car Wash, located at 434 Cambridge Street, Allston, Massachusetts was informed on March 27, 2017 by our vendor DRB Systems that our point-of-sale system experienced a data breach in February 2017.  THIS INCIDENT ONLY AFFECTED PAYMENTS MADE AT THE CAR WASH TERMINAL INSIDE THE CONVENIENCE STORE.  Payment transactions made at the our gasoline pumps or at the gasoline cashier were NOT affected

 

If you used a credit card or other payment card at our 434 Cambridge Street, Allston, Massachusetts location between the dates of February 6, 2017 and February 23, 2017, your payment card information may be at risk.

 

As we continue our investigation and monitoring of this data security incident, we are providing our valued customers with this notice as one of our measures to help safeguard our customer information.  Our customer’s data security is a high priority for our company and we take any potential breach seriously.

 

What are we doing?

 

Allston Car Wash is working with DRB Systems, our third-party platform provider to actively monitor the platform to safeguard all customer personal information.  Even though DRB Systems has reported that the incident has been addressed, out of an abundance of caution, we have launched an investigation into the matter and we are taking measures to minimize future risks by strengthening our internal administrative and technical controls.

 

In addition, DRB Systems is offering one year of complimentary credit monitoring through Kroll to help alleviate any of our customer’s concerns and provide a manner to monitor credit at no cost to our valued customers.  Our customers may visit the following website to enroll in this product: http://activate.kroll.com.  Our customers may also call 1-855-223-7528 if they have questions about this incident and for more information about the identity protection product.

 

 

 

 

What Customers Can Do

 

Review Credit Card/Bank Account and Credit Statements and Request Security Freeze

 

Customers should continue to closely review all account statements and a customer’s credit report and report any suspicious activity to the three major credit bureaus (see below).  Customers may place a security freeze on their credit reports.  A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization.  However, it is important to note that placing a security freeze on a credit report may delay, interfere with, or prevent the timely approval of any requests for new loans, credit mortgages, employment, housing or other services.

 

If a customer has been a victim of identity theft, and a valid police report has been provided to the credit reporting agency, the agency cannot charge to place, lift or remove a security freeze.  In all other cases, a credit reporting agency may charge up to $5.00 each to place, temporarily lift, or permanently remove a security freeze.

 

To place a security freeze on your credit report you may either call or submit a written request must be sent to each of the three major consumer reporting agencies:  Equifax (www.Equifax.com); Experian (www.experian.com); and TransUnion (www.transunion.com) by regular, certified or overnight mail at the addresses below:

 

 

Equifax Experian TransUnion
Phone: 800-685-1111

P.O. Box 105788

Atlanta, GA 30348

www.equifax.com

Phone: 888-397-3742

P.O. Box 9554

Allen, TX 75013

www.experian.com

Phone: 800-680-7289

P.O. Box 2000

Chester, PA 19016

https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

 

 

 

 

In order to request a security freeze a customer will need to provide the following information:

 

  1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security Number;
  3. Date of birth;
  4. If a customer has moved in the past five (5) years, provide the addresses where you have lived over the prior five (5) years;
  5. Proof of current address such as a current utility bill or telephone bill;
  6. A legible photocopy of a government issued identification card (state driver’s license or ID card, military identification, etc.)
  7. In the event a customer is a victim of identity theft, include a copy of either the police report, investigative report or complaint to a law enforcement agency concerning identity theft;
  8. If a customer is not the victim of identity theft, include payment by check, money order, or credit card (Visa, Mastercard, American Express or Discover only). DO NOT send cash through the mail.

 

The credit reporting agencies have three (3) business days after receiving a request to place a security freeze on a credit report.  The credit bureaus must also send written confirmation within five (5) business days and provide a customer with a unique person identification number (PIN) or password, or both that can be used to authorize the removal or lifting of the security freeze.

 

Federal Trade Commission Information

 

Additionally, the Federal Trade Commission (FTC) also provides information related to identify theft and fraud alerts.  The FTC may be contacted as follows: (i) its website, http://www.ftc.gov/, (ii) by phone, 1-877-438-4339 or (ii) by mail at 600 Pennsylvania Avenue, NW, Washington, DC 20580.

 

Police Reports

 

Customers have the right to obtain any police report that is filed in connection with this incident.  In addition, a customer should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities.

 

For more information.

 

If a customer has any questions regarding this incident please call 1-855-223-7528, Monday through Friday from 8:00 a.m. to 5:00 p.m. Central Time.  In addition, please feel free to contact Mark Delaney at 617-783-4308 with any questions.

 

Allston Car Wash is committed to protecting the privacy and security of our customer’s information and we are working diligently to ensure this incident does not occur again.  We are reviewing our security process and protocols and evaluating additional safeguards to the extent that they are warranted.  We regret any inconvenience or concern caused by this situation.