Cadence Bank Data Security Event

Substitute Notice

May 20, 2024

Nabholz Construction Corporation was recently impacted by a data security incident that affected the personal information of certain of its current and former employees.  This event occurred at Cadence Bank, which at the time of the incident owned Cadence Insurance (collectively, “Cadence”).  Cadence Insurance is the insurance agent for our employee health insurance plans. We have no reason to believe that any personal information has been misused.

What happened?

Nabholz’s own computer systems were not affected by this incident.  The data security event involved one of Cadence’s Vendors, MOVEit Transfer (“MOVEit”), a file transfer application owned by Progress Software corporation (“Progress”).  On June 1, 2023, Cadence learned of a security vulnerability affecting MOVEit. Cadence immediately took the MOVEit application offline and implemented fixes issued by Progress as they became available. Cadence hired a law firm to investigate the incident with the help of cybersecurity professionals. Cadence also reported the matter to law enforcement. On June 18, 2023, Cadence learned through the investigation that an unauthorized third-party had accessed and downloaded information that was stored on the MOVEit application, which may have included your personal information.  It is believed that the information was accessed and downloaded between May 28-31, 2023. Cadence first determined that your personal information may have been involved in this incident on October 25, 2023. On November 30, 2023, Cadence Insurance notified [Entity Name] of the possibility that your data was involved.  Upon learning of the incident, [Entity Name] coordinated with Cadence to understand the scope and breadth of the incident and Cadence’s response.  It is our understanding that, worldwide, millions of individuals were affected by the MOVEit data breach.

What information was involved?

The personal information involved may have included: name, address, date of birth, medical and/or treatment information (e.g., provider name, medications), and health insurance information. Please note that not all data elements were involved for each individual. To date, Cadence is not aware of any actual fraud or identity theft instances involving your information.

What we are doing.

Nabholz values and respects the privacy of personal information. We are coordinating with Cadence in an effort to ensure that proper steps are taken by Cadence to protect your information in the future. We understand that upon learning of the vulnerability, Cadence took steps to mitigate and remediate the incident and help prevent further unauthorized activity and contacted law enforcement. In response to this incident and as part of its ongoing effort to stay ahead of evolving threats, Cadence advised us that it has further enhanced its security and monitoring practices and strengthened its systems to minimize the risk that a similar incident occurs in the future.

For more information.

If you have any questions about this matter or would like additional information, please call toll-free (888) 315-9129. This call center is open from 9 am – 9 pm Eastern Time, Monday through Friday, except holidays.