Charlotte’s housing authority accidentally sends emails containing tenants’ personal info

CHARLOTTE — Officials with Charlotte’s housing agency, Inlivian, said they accidentally emailed out personal information that belongs to more than 100 people who have gotten help from the agency.

An Inlivian tenant contacted Channel 9 and said they received addresses, birthdays and income data of people in the agency’s system.

“The email says, ‘Hello team. I hope all is well. Attached is an uploaded list of my caseload,’” the tenant, who did not want to be identified, said.

Inlivian officials confirmed the information for 113 of its residents was emailed out Tuesday by mistake and it happened while an employee was being trained. No Social Security numbers were shared.

“It was an absolute accident,” said Cheron Porter, spokesperson with Inlivian “I don’t think personnel realized the information was attached to the email. So, we’re taking internal measures to make sure it doesn’t happen again.”

Porter said Inlivian is notifying the affected tenants to offer credit monitoring.

Inlivian serves more than 10,000 people in the area.

Expert advice

Theresa Payton, CEO of the cybersecurity agency Fortify, said someone could apply for credit, submit a fake job application, and apply for health insurance with that kind of information.

The first thing someone with compromised data should do is call their bank and credit card lenders.

“Ask them for creative ways to lock your bank account down and turn on every notification you can think of,” Payton told Channel 9. “So, you’re getting alerts anytime somebody makes a deposit, makes a withdrawal.”

People should consider asking credit bureaus for a temporary or permanent freeze, too.

That way if someone applies for credit in their name, the victim of the fraudulent activity will get an alert.

Documentation is very important if something is wrong. Keep track of what happened. Filing a police report is also a good idea.

“(Do this) in the event that somebody applies for credit, applies for an IRS tax refund, or anything else that a fraudster may attempt to do, so that you are on the record saying, ‘I was alerted that I was a victim of a data breach and I let everybody know and I am seeking protections,’” Payton said.

If an email address was divulged, people can fall prey to social-engineering campaigns.

Creating a new email account is recommended, Payton said.

Letter from Inlivian to tenants

Dear Resident:

I am writing to inform you that some INLIVIAN residents’ personal information has been released publicly. Due to a gross miscalculation on our part, your personal information was shared, but NOT your social security number. As soon as we discovered the mishap on Tuesday, January 24, 2023, we began working tirelessly to investigate and remedy the issue.

We take this incident, and the security of your personal information, very seriously. We are implementing additional safeguards and will provide additional mandatory training to our employees on safeguarding the privacy and security of information on our systems. Additionally, we are offering all affected individuals access to one year of credit monitoring and identity theft restoration services through LifeLock at no charge. In the coming days, we will send you instructions on how to enroll and receive these free services, as well as more information on how to better protect against identity theft and fraud.

What can you do?

We recommend that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days.

Equifax: equifax.com or 1-800-525-6285

Experian: experian.com or 1-888-397-3742

TransUnion: transunion.com or 1-800-680-7289

Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Checking your credit reports periodically can help you spot problems and address them quickly. If you find suspicious activity on your credit reports or have reason to believe your information is being misused, file a police report. Get a copy of the police report; you may need it to clear up the fraudulent debts.

If your personal information has been misused, visit the FTC’s site at www.IdentityTheft.gov to get recovery steps and to file an identity theft complaint. You may also contact them at 1-877-ID-THEFT (877-438-4338), or 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Consumer Sentinel Network, where it will be accessible to law enforcers for their investigations.

You also may want to consider contacting the major credit bureaus at the telephone numbers above to place a credit freeze on your credit file. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identity thief can open new accounts in your name. The cost to place and lift a freeze depends on state law.

You can also visit the NC Attorney General’s office to obtain additional information about preventing identity theft. They can be reached at www.ncdoj.gov, (919) 716-6400, or 9001 Mail Service Center, Raleigh, NC 27699-9001.

For More Information

If you have additional questions, please contact Regan Sadler at 980-729-6665. We sincerely apologize for this data security breach and the inconvenience that it may cause you and your family.

VIDEO: American Airlines flight attendants join systemwide picketing