The Texas-based engineering firm Pape-Dawson Engineers, Inc. recently filed official notice of a data breach with various government entities. While Pape-Dawson confirmed unauthorized access to its computer system, the company has not yet publicly released the data types compromised as a result of the breach. However, on June 21, 2022, Pape-Dawson began sending out data breach letters to all affected parties. In these letters, the company provides a detailed list of all leaked personal information, as well as steps consumers can take to reduce the risk of identity theft or fraud.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Pape-Dawson Engineers data breach, please see our recent piece on the topic here.

What We Know About the Pape-Dawson Engineers Data Breach

According to an official notice filed by the company, on around February 21, 2022, Pape-Dawson first detected what it recognized as suspicious activity on its IT servers. In response, the company took the necessary steps to secure its network and then worked with cybersecurity professionals to limit the impact of the event. Once Pape-Dawson shut down the unauthorized user’s access, the company then began an investigation into the incident. This investigation confirmed that the unauthorized party gained access to certain Pape-Dawson systems on February 21, 2022. The period of unauthorized access lasted until February 25, 2022. The company subsequently confirmed that affected files contained sensitive consumer data.

Upon discovering that consumer data was accessible to an unauthorized party, Pape-Dawson Engineers then reviewed the affected files to determine who was affected by the breach and what specific data types were impacted. While the company completed this review on April 28, 2022, it has not yet publicly released the data types that were compromised in the breach. However, Pape-Dawson is offering all individuals whose information was compromised one year of free credit monitoring, suggesting that the breached data may have included Social Security numbers or financial account information.

On June 21, 2022, Pape-Dawson Engineers sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Pape-Dawson Engineers, Inc.

Founded in 1965, Pape-Dawson Engineers, Inc. is an engineering firm based in San Antonio, Texas. Pape-Dawson provides civil engineering, surveying, GIS, and environmental services for public and private clients across Texas. Some of the projects Pape-Dawson has worked on include theme parks; school campuses; healthcare facilities; transportation improvement projects; water infrastructure projects; commercial land development projects; and residential projects. Pape-Dawson employs a staff of approximately 850 people across seven locations, including in Austin, Dallas, Fort Worth, Houston, New Braunfels, North Houston, and San Antonio. Pape-Dawson Engineers generates approximately $133 million in annual revenue.

The Importance of Social Security Numbers

Pape-Dawson has not yet confirmed whether the Social Security numbers of those individuals who were affected by the recent data security incident were breached. However, that is a strong possibility based on the type of breach and the fact that the company is offering free credit-monitoring services.

Social Security numbers were first introduced by the Social Security Administration (“SSA”) in 1936 as a way for the SSA to track the earnings of citizens. However, because nearly every U.S. citizen has their own unique Social Security number, over time, they became a way for companies to validate a person’s identity, usually through the last four digits.

While the general practice has moved away from using Social Security numbers for identification, the government still uses them for income-tracking purposes. Thus, employers, as well as any financial institution that pays or receives interest, will need a person’s Social Security number. Additionally, the lack of another viable alternative means that other businesses also use this information.

In short, Social Security numbers are the “unofficial national identifier.” Thus, if someone with ill intent obtains your Social Security number, they can cause a lot of trouble. From opening bank accounts to taking out loans to filing taxes to receive your tax refund, criminals can keep busy with your Social Security number. Thus, it is essential for anyone whose Social Security number was leaked in a data breach to take the necessary precautions to prevent identity theft and other frauds to the extent possible.

The Federal Trade Commission provides some basic guidance for data breach victims whose Social Security numbers were compromised.

• If a company offers free credit monitoring, take it up on the offer;

• Frequently check your credit report for any unfamiliar or unauthorized charges;

• Consider placing a credit freeze, which makes it much harder for a criminal to open up a loan or account in your name;

• If you opt not to place a credit freeze, consider placing a fraud alert;

• Try to file your taxes early to avoid tax identity theft;

• Do not believe anyone who calls claiming to be from the IRS, even if they make threats or have your complete Social Security number; and

• Continue to regularly check your credit report as well as your existing bank and credit card accounts.