- When did Bluebird become aware of the intrusion? Bluebird was alerted to the intrusion the morning of March 22 and shut it down immediately.
-
Why has it taken so long to notify customers? An investigation was initiated immediately upon discovery of the incident and we notified customers as soon as possible after determining the nature of the customer data potentially obtained by the attacker.
- Do you expect customer data to show up on the dark web or internet? While that is always a possibility with incidents of this type, we are not aware of any customer CPNI or PII having been released to date.
- Who targeted Bluebird and why? While the investigation is ongoing, we cannot comment on these details.
-
Where was the customer data sent to? We are unaware of any customer data surfacing online as of yet. While the investigation is ongoing, we cannot comment on these details.
-
What do customers need to do in response to Bluebird having CPNI data taken? With the exception of those customers who have paid Bluebird by check, the only CPNI that was obtained is the information that appears on the customer invoice, such as customer name, address, billing account and amount paid. While we do not believe this information can be used by the attacker to cause you harm, we encourage you to reach out to your advisors to determine what, if any, steps you need to take. If you paid Bluebird by check, we encourage you to contact your financial institution to make them aware of this situation and follow their advice as to how best to protect your account.
-
How did this intrusion happen? The investigation is still ongoing, as such we cannot provide details at this time.
-
What exactly is Bluebird doing to prevent this from happening again? While there is no way to completely prevent malicious targeting, Bluebird has bolstered internal security and updated policies and procedures regarding CPNI in order to prevent future incidents.
-
How do customers know if they paid by check at some point in the history of doing business with Bluebird since customer AP staff may not be with them anymore? Bluebird is currently analyzing its data to identify those customers; we expect that analysis to be complete within the next week. When complete, we will be sending a separate notice to those customers.
-
What do customers do if the perpetrator reaches out to them? We encourage you not to communicate or engage with anyone you are unfamiliar with. Please let us know of the contact by emailing Elliott Gillespie at [email protected].