Notice of NCH Data Security Incident

NCH Corporation ("NCH") takes the privacy and security of the information we hold very seriously. NCH recently identified and resolved a security incident that may have involved some of that information. This notice explains the incident, outlines the measures we have taken in response, and provides additional steps you can take.

We recently concluded our investigation of an incident that caused certain systems in our network to become unavailable. Upon first identifying suspicious network activity, we immediately began an investigation, a cybersecurity firm was engaged, and measures were taken to address the incident and to restore the systems involved. We also notified law enforcement and worked to support its investigation.

We learned that there was unauthorized activity in our network between March 2, 2021 and March 5, 2021. During that time, there was unauthorized access to folders on some of our file servers. The investigation was not able to determine which files in these folders might have been accessed, so out of an abundance of caution, we conducted a careful review of the folders to determine what kinds of information they contained. On May 12, 2021, we identified fills within some of the folders that contained information potentially relating to NCH's health insurance plan and proceeded with a further review of those files. We completed this review on June 29, 2021, and determined that the files contained health plan participant information, which included some enrolees’ names, dates of birth, Social Security numbers, health insurance benefits election information, and/or premium accounts.

This incident did not involve all current/former NCH employees or their dependents, but only those whose information was included in the files referenced.

As a precaution, we are mailing letters to individuals whose information was identified in the files. We have also established a dedicated, toll-free call centre to answer individuals' questions, and we are offering complimentary credit monitoring and identity protection services to the members whose Social Security numbers were included in the files. Additionally, it is always advisable to review any statements you receive from their health insurers. If members see charges for services they did not receive, they should contact the insurer immediately.

We regret that this incident occurred and for any inconvenience. To help prevent something like this from happening again, we have taken and are taking steps to enhance our existing security measures and processes, including implementing enhanced network monitoring tools. If you have questions, please call 866-991-0726, Monday through Friday, from 8:00 a.m. to 9:00 p.m. Central Time.