- The breach potentially compromised current and former associates' information, including first and last names, addresses, Social Security numbers and Keller Williams usernames and passwords.
- Those associates were sent a letter and offered a complimentary year-long subscription to an identity protection product.
How long should a franchisor hold onto an agent’s personal information after that agent has left the franchisor for different pastures?
That’s a question many former Keller Williams agents are asking themselves after they received notice last week that a “security incident involving the personal information of some of [Keller Williams’] current and former associates” could have compromised their personal information.
One associate, who left the company in late 2008, shared the letter with Inman.
Inman has reached out to Keller Williams to learn more about the number of former and current associates affected, as well as how long the company typically holds on to an associate’s information after that person departs the franchise, and whether the company plans to change how it collects and stores associate information moving forward; we’ll update the story with the responses.
What happened?
In the letter, which was signed by Keller Williams CEO John Davis, Keller Williams said that it recently learned that an “unauthorized third party” was able to gain access to its network and might have been able to also access some associate information during that breach.
Davis and Keller Williams believe that “certain associate information, including first and last name, addresses, Social Security number, and in some cases, Keller Williams usernames and passwords, were contained in these files and could be affected as a result of this incident.
“Please note that at this time, we are not aware of any fraud or misuse of your information as a result of this incident,” the letter added.
A post on the Round Rock Market Center Tech Guy Facebook page — the fan page for the Keller Williams Round Rock Market Center technology coordinator — said that the company discovered the breach “as part of our normal security monitoring.”
“Upon learning of the incident, we immediately initiated an internal investigation and retained an independent forensic investigation firm to assist us in investigating and responding to this incident,” the Facebook post explained. “Upon completion of the investigation and once we had the information needed to provide an accurate notification, we mobilized our resources to provide notice to those individuals that could be affected by this incident.”
What’s going to happen?
“Keller Williams takes the privacy and protection of personal information very seriously, and deeply regrets that this incident occurred,” wrote Davis in the letter.
“Upon learning of this situation, we took immediate action to identify, block and prevent future unauthorized access, and initiated an investigation with the assistance of external forensic experts.”
The letter also stated that Keller Williams has looped in law enforcement and is offering letter recipients a free year-long membership in Experian ldentityWorks.
“This product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft,” stated the letter. “Included with this service are fraud resolution services that provide an Experian Fraud Resolution agent to work with you to investigate and resolve each incident of fraud that occurred from the date of the incident (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).”
The Round Rock Market Tech Center Tech Guy page encouraged readers to sign up for the Experian service, too. “Additionally, we have provided suggestions on steps that you can take to help protect yourself from the misuse of your information in the ‘Information about Identity Theft Protection’ reference guide included with the notice letter you will receive,” it said.
“We recommend that you carefully check your credit reports for accounts you did not open or for inquiries from creditors you did not initiate,” added the post. “If you see anything you do not understand or that looks suspicious, or if you suspect any fraudulent transactions have taken place, you should immediately notify the issuer of the credit or debit card.”