On July 8, 2024, Lyon was alerted to a significant data loss involving customer information from one of its third-party providers. Upon discovering the incident, Lyon acted swiftly to contain the situation and engaged a cybersecurity firm to investigate the matter thoroughly. The investigation revealed that certain data belonging to Lyon may have been accessed or acquired without authorization. Lyon then undertook a comprehensive review of the affected data to ascertain which personal information was compromised, ensuring that they had the most current contact information for those impacted. This review was finalized on August 26, 2024.
Following the investigation, Lyon notified six residents in Indiana on August 30, 2024, sending letters via first-class U.S. mail. The notification letter outlined the specific information that may have been compromised, which included the affected individuals’ names, Social Security numbers, and driver’s license numbers. Lyon ensured that these individuals were informed promptly to allow them to take necessary precautions regarding their personal information.
In response to the data loss incident, Lyon took several measures to mitigate the risks and prevent similar occurrences in the future. They retained cybersecurity experts to conduct a forensic investigation aimed at identifying the source and scope of the breach. Additionally, Lyon implemented enhanced security measures to strengthen their environment, which included reporting the incident to federal law enforcement and pledging full cooperation with ongoing investigations.
Lyon also provided affected individuals with resources and guidance on protecting their information in the aftermath of the incident. Each individual whose personal data was compromised was offered complimentary identity protection services, which included 12 months of credit monitoring, identity restoration services, and identity protection insurance through Cyberscout, a company specializing in fraud assistance and remediation. Furthermore, a dedicated call center was established to assist individuals with enrollment in these services and to address any questions they may have for a minimum of 90 days.
Reference:
