Notice of Security Incident

Navistar is notifying individuals of a data security incident involving the personal information of certain current and former U.S. employees and health plan participants. 

What happened:

The timeline is as follows:

  • On May 20, 2021, Navistar learned of a potential security incident affecting its IT systems. Upon learning of the incident, Navistar launched an investigation and took immediate action in accordance with its cybersecurity response plan. Navistar conducted its investigation with the assistance of leading cybersecurity experts hired to evaluate and address the scope and impact of the security incident. Based on the information Navistar has at this time, the company believes that this incident occurred prior to May 20, 2021.
  • On May 31, 2021, Navistar received a claim that certain data had been extracted from its IT systems. In the course of the investigation, it was confirmed that an unauthorized third party had accessed and taken certain data from Navistar’s IT systems.
  • On June 7, 2021, Navistar publicly filed an 8-K with the U.S. Securities and Exchange Commission confirming the security incident.
  • On August 20, 2021, Navistar discovered that the unauthorized third party had accessed and taken certain data containing personal information about some participants in either the Navistar, Inc. Health Plan or the Navistar, Inc. Retiree Health Benefit and Life Insurance Plan (collectively, the “Plan”). The data may have included full names, addresses, dates of birth, social security numbers, and/or information related to participation in the Plan.
     

How do you know if you were affected:

Navistar is notifying additional individuals who the company determined were affected by the security incident. If you did not receive a letter, but believe that you may have been affected, you may call the Call Center as directed below.

What we are doing:

Although Navistar is not aware at this time that any third party has made use of the affected data as a result of this incident, out of an abundance of caution, the company is providing affected individuals with access to two years of free credit monitoring and identity theft protection through Experian. 

Where individuals affected by this incident have been able to be identified, letters have been mailed to their last known address. These letters were mailed on or about September 21, 2021. 

In addition to using the credit monitoring and identity theft protection described above, it is recommended that affected individuals remain vigilant for incidents of fraud and identity theft. Individuals can review their account statements and monitor free credit reports. Promptly report any fraudulent activity or any suspected incidents of identity theft to the bank or other financial institution holding your accounts, as well as any appropriate authorities, such as your state attorney general and the Federal Trade Commission ("FTC"). 

The FTC and the Internal Revenue Service (“IRS”) both generally recommend that individuals who believe that they may be at risk of taxpayer refund fraud should file their income taxes as early as possible. The IRS further suggests that a taxpayer who is an actual or potential victim of identity theft complete and submit to the IRS Form 14039 (Identity Theft Affidavit). Form 14039 is available at https://www.irs.gov/pub/irs-pdf/f14039.pdf. Upon receipt of this affidavit, the IRS may flag your taxpayer account to identify questionable activity.

Should you have questions about this notice, please contact the Experian Call Center at (855) 387-4540 Monday through Friday 8 am – 10 pm CST, Saturday and Sunday 10 am – 7 pm CST (excluding major U.S. holidays). This line will be accessible until December 31, 2021. Please be prepared to provide Experian with engagement number B018456.

Navistar is committed to systems security and the protection of its corporate, customer, dealer, current and former employee, and plan participant information. The company has taken a number of steps to enhance its security protocols and controls, technology, and training, and continues to assess additional options to protect its IT systems. Navistar takes the security of its systems and data very seriously and regrets any concern this situation may have caused.  

ADDITIONAL INFORMATION ON CREDIT MONITORING & IDENTITY THEFT 

Individuals are advised to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports and to promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and your state’s attorney general as well as the Federal Trade Commission. 

The following are some resources:

Federal Trade Commission (“FTC”)
www.ftc.gov/idtheft 
1-877-ID-THEFT (1-877-438-4338)

Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC  20580 

Take Charge: Fighting Back Against Identity Theft 
This is a comprehensive guide from the FTC to help you guard against and deal with identity theft
https://www.identitytheft.gov/

Credit Bureaus
You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting www.annualcreditreport.com, calling 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348.  You can print a copy of the request form at www.annualcreditreport.com/manualRequestForm.action

Alternatively, you may elect to purchase a copy of your credit report by contacting one of the three national credit reporting agencies. Contact information for the three national credit reporting agencies for the purpose of requesting a copy of your credit report or for general inquiries is as follows:


Equifax
1-800-685-1111
www.equifax.com/CreditReport
Assistance

P.O. Box 740241
Atlanta, GA 30374

 

Experian
1-888-397-3742
www.experian.com
P.O. Box 4500
Allen, TX 75013

 

TransUnion
1-800-888-4213
www.transunion.com/fraud
P.O. Box 1000
Chester, PA 19016

 
You can obtain additional information from the FTC and the nationwide credit reporting agencies about placing a security freeze on your credit files and fraud alerts. A security freeze is a free tool that lets you restrict access to your credit report, which in turn makes it more difficult for identity thieves to open new accounts in your name. To place a security freeze on your credit files, contact each of the nationwide credit bureaus using the contact information listed above. You will need to supply your name, address, date of birth, social security number, and other personal information. You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies using the contact information listed above.

FOR MARYLAND RESIDENTS
You can obtain information about preventing identity theft from the FTC or: 
Maryland Attorney General: 
Visit the Maryland Office of the Attorney General, Identity Theft Unit at: 
http://www.marylandattorneygeneral.gov/Pages/IdentityTheft/default.aspx 
or call 410-576-6491
or write to this address: 
Maryland Office of the Attorney General 
Identity Theft Unit
16th Floor
200 St. Paul Place 
Baltimore, MD 21202

FOR NORTH CAROLINA RESIDENTS
You can obtain information about preventing identity theft from the FTC or: 
North Carolina Attorney General:
Visit the North Carolina Office of the Attorney General at: 
www.ncdoj.gov or call 1-877-566-7226
or write to this address: 
Attorney General’s Office 
9001 Mail Service Center
Raleigh, NC 27699-9001

FOR RHODE ISLAND RESIDENTS
Eight (8) individuals in Rhode Island were affected by this incident.  You may obtain information about preventing identity theft from:
Rhode Island Attorney General:
Visit the Rhode Island Office of the Attorney General at:
www.riag.ri.gov, or call (401) 274-4400
or write to this address:
Rhode Island Office of the Attorney General
Consumer Protection Unit 
150 South Main Street
Providence, RI 02903

FOR WASHINGTON D.C. RESIDENTS
You can obtain information about preventing identity theft from the FTC or the following:
Washington D.C. Attorney General:
Visit the Washington Office of the Attorney General (OAG) at:
https://oag.dc.gov/, or call the OAG’s Office of Consumer Protection at 202-442-9828
or write to this address:
Office of the Attorney General
400 6th Street, NW
Washington, DC 20001