Snaptron, Inc., a Colorado corporation, is notifying you of a data security incident that may have involved your personal information. Below we describe what happened, what information was included, and what Snaptron is doing to address this matter. We are taking this matter very seriously and regret any inconvenience it may cause you.
Please note, after a diligent and good faith investigation into the data security incident, Snaptron has determined that the compromised information may constitute “personal information” as defined under the General Data Protection Regulations. We have determined that this potentially constitutes a security breach which would require formal notice and therefore have taken steps to inform the data protection authorities in each country. However, given the nature of the breach and the data involved, we are confident that misuse of any data is not likely to occur. This notice is being sent to you as a courtesy because you are a valued customer, not as a statutory notice pursuant to the various applicable laws of the States of the United States or other countries.
On May 27th, 2020, we became aware of a data security incident. We promptly began an investigation and determined that on May 21st, 2020, an unauthorized user accessed our server and obtained limited information from an internal file share. Since discovering this, we have been investigating the situation as quickly as possible to assess what data was impacted and to notify those affected users.
What Information Was Involved
Based on Snaptron’s investigation, the compromised information included (to the extent that you provided such information to Snaptron):
- Your name, email address, phone number
- Your company telephone number, company billing address, and company shipping address
- Company shipping account number
- Packing lists and part files
- Non-disclosure agreements and personal signatures (Snaptron found very few instances of compromised personal signatures
What Information Was Not Involved
Note: Snaptron’s internal policy prevents us from storing payment, bank account, or credit card information. In addition, we do not have a customer portal or a similar system that would require you to provide us with a username or passwords.
Based on Snaptron’s investigation, we can confidentially say that the following information was NOT compromised:
- Payment, bank account, or credit card information, including security codes, access codes, PINs, or passwords that would permit access to such accounts
- Social security numbers, driver’s license numbers, passport numbers, employee numbers
- Dates of birth
- Family identifying information, including maiden names
- Login information or credentials, including passwords and security questions/answers
- Health/medical information or insurance information
- Biometric data
What Are We Doing to Prevent Future Incidents
We are continuing to investigate this incident, with the assistance of outside experts. We have also notified the Federal Bureau of Investigation and are cooperating with their investigation. Also, we are reviewing our security protocols and have taken steps to enhance our security. We have also notified relevant data protection regulators in each country.
What You Can Do
Snaptron will only ever email you from Snaptron.com, and will never ask for personally identifiable information. Please remain vigilant in protecting your information and identity and do not respond to abnormal requests for information, requests from suspicious sources, and do not open attachments or emails that you do not recognize. If you believe that you may have been targeted by a party purporting to be Snaptron, please contact us as soon as possible so we can work together to protect your information and identity.
To the extent that you may be impacted, Snaptron does not believe that your information is likely to be misused as a result of the recent data security incident.
As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports carefully. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained.
For More Information
As required under the GDPR we have appointed an EU Representative, you can contact our EU Rep at: https://eugdprrep.com or on:
Tel: +353 01 554 9700
Snaptron values your privacy and sincerely regrets any concern this incident causes you. The trust of our customers is of the utmost importance to us, and we are committed to maintaining that trust.