DATA BREACH NOTIFICATION

Dear Current or Former Employee,

We are writing to you because of an incident involving access to information associated with the DSSW employment and training website https://www.dsswtx.org.  Although we are unaware of any actual
misuse of your information, we are providing notice to you and other potentially affected people
about the incident, and about tools you can use to protect yourself against possible identity theft or
fraud.

What Happened?
We were informed on October 3, 2022 that our website https://www.dsswtx.org experienced an intrusion.  Our site is operated for us by a third-party company (our “Internap Holding, Inc”), and it was the platform provider’s systems that experienced the intrusion.  The intruder or intruders placed
ransomware on the platform provider’s servers, and by doing so may have gained access to your data for the employment and training website.  To date, the investigation indicates that the intrusion began in approximately September 28, 2022 and ended on the same day.  The platform provider’s Chief Information Security Officer initiated an incident response and within the same day was able to stop further attack.

What Information Was Involved?
The attackers may have gained access to details about you based on the following scenarios:

Scenario A: Employment Application

If you accessed the https://www.dsswtx.org and submitted an employment application, your name, phone number, email address, job applied to and location applied to may have been included in the data breach.  This data was used to sort and filter data in the employment site.

Note:  the actual application data was stored separately, is encrypted and is not included in this data breach.  Your address, social security number, etc. are NOT being reported as accessed by or disclosed to unauthorized third parties because that data was stored separately and encrypted.

Scenario B: Training Site

If you are a current or past employee your name, address, phone number, employee id and training history may have been included in the data breach.  This is true whether you participated in training or not.  Most employees attended training via this website during the onboarding process.

What Are We Doing?
Our platform provider has removed the malware from its systems and is actively monitoring the platform to safeguard personal information.  We reviewed the affected website and database for indications of intrusion and found no additional information.  We are reporting this breach to the appropriate authorities.  We are also ensuring all prospective, past and current employees know of this data breach so the increased awareness may help protect you and the community.  To date, law enforcement has not been included by DSSW.

What You Can Do?
To protect yourself from the possibility of identity theft, we recommend you remain vigilant of any suspicious activity.  To help you maintain a secure and safe digital presence, please consider the following baseline security tips to mitigate harm and prevent further breaches:

• Use long and complex passwords
• Use two factor authentication as much as possible
• Do not reuse, discuss or share passwords
• Be careful to only click links in messages that you know are legitimate. Clicking links in emails and text messages can result in a ransomware attack.
• Update all software regularly. This includes computers and mobile devices.
• Talk to your friends and family about ways to improve your digital security
• Find a mentor with experience in cyber security to help guide you in the process of securing your digital presence.

For More Information
This message with any updated information will be available for the next 90 days at 1-800-974-1362 or 1-888-501-3455.  Please call this number at any time.

If there is anything else that we can do to assist you, please call 1-800-974-1362 or 1-888-501-3455 at any time and leave a message.  Your message will be routed directly to the breach notification team for review and response.