Massachusetts Data Breach Notification Requirements for Consumers

Return Mail Processing Center: PO Box 173071 | Milwaukee, WI 53217

< > << Last Name>> < > < > < >, < > < > < > (Format: Month Day, Year) Subject: Notice of Data <

1. Full name and any suffixes;
2. Social Security Number;
3. Date of birth;

4. If you have moved in the past five years, the addresses where you have lived over the prior five
   years;

5. Proof of current address such as a current utility bill or telephone bill;

6. A legible photocopy of a government issued identification card (state driver’s license or ID card,
   military identification, etc.); and

7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or
   complaint to a law enforcement agency concerning identity theft. The consumer reporting agencies have three (3) business days after receiving your request to place a security freeze on

your credit report. The credit bureaus must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password, or both that can be used by you to authorize the removal or lifting of the security freeze. To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must call or send a request to the consumer reporting agencies and include proper identification (name, address, and Social Security Number) and the PIN or password provided to you when you placed the security freeze as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The consumer reporting agencies have three (3) business days after receiving your request to lift the security freeze for those identified entities or for the specified period of time. To remove the security freeze, you must send a request to each of the three consumer reporting agencies and include proper identification (name, address, and Social Security Number) and the PIN or password provided to you when you placed the security freeze. The consumer reporting agencies have three (3) business days after receiving your request to remove the security freeze. No fee is required to be paid to any of the consumer reporting agencies to place, lift or remove a security freeze. In order to determine whether any unauthorized credit was obtained with your information, you may obtain a copy of your credit report at www.annualcreditreport.com or 1-877-322-8228. You may also request information on how to place a fraud alert by contacting any of the above consumer reporting agencies. A fraud alert is intended to alert you if someone attempts to obtain credit in your name without your consent. It is recommended that you remain vigilant for any incidents of fraud or identity theft by reviewing credit card account statements and your credit report for unauthorized activity. You may also contact the Federal Trade Commission (FTC) to learn more about how to prevent identity theft: FTC, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, D.C. 20580, www.ftc.gov/bcp/edu/microsites/idtheft/, 1-877-IDTHEFT (438-4338). Additionally, although we have no indication at this time of any misuse of your information, we have secured the services of Iris Identity Protection to provide complimentary identity monitoring for < > months at no charge. To enroll in the credit monitoring services at no charge, please visit https://iris- pro.myidentityprotectiononline.com and enter the following promo code to enroll and begin your membership: < > (case sensitive). Please note the deadline to enroll is 90 days from the data of this letter. Iris Identity Monitoring provides One-bureau credit monitoring from Equifax®, Identity Monitoring, Identity Fraud Insurance , and Identity Resolution Services. 1 What Can You Do? We encourage you to enroll in the credit protection services we are offering, which are at no cost to you. Please also review the guidance at the end of this letter, which includes additional resources you may utilize to help protect your information. For More Information: If you have questions or need assistance, please contact 877-507-2354 Monday through Friday from 8:00 a.m. to 5:00 p.m. Central Time, excluding major U.S. holidays. Identity Defense representatives are fully versed on this incident and can help answer questions you may have regarding the protection of your information. Sincerely, Chapel Hill Presbyterian Church 7700 Skansie Avenue Gig Harbor, WA 98335

The Identity Expense Reimbursement and the Unauthorized Electronic Fund Transfer Reimbursement benefits are underwritten and administered by American 1 Bankers Insurance Company of Florida, an Assurant company, under group or blanket policies issued to Generali Global Assistance, Inc., dba Iris® Powered by Generali for the benefit of its Members. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits at https://www.irisidentityprotection.com/terms-conditions.

Steps You Can Take to HELP Protect Your Information

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and monitoring free credit reports closely for errors and by taking other steps appropriate to protect accounts, including promptly changing passwords. I f you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained for remed iation assistance or contact a remediation service provider. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Comm ission (FTC). You should also contact your local law enforcement authorities and file a pol ice report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the FTC is as follows:

• Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Ave, NW, Washington, DC 20580, 1 -877-
  IDTHEFT (438-4338), www.consumer.ftc.gov, www.ftc.gov/idtheft. Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print this form at https://www.annualcreditreport.com/cra/requestformfinal.pdf. You also can contact one of the following three national credit reporting agencies:

• Equifax, P.O. Box 740241, Atlanta, GA 30374, 1-800-525-6285, www.equifax.com.

• Experian, P.O. Box 9532, Allen, TX 75013, 1-888-397-3742, www.experian.com.

• TransUnion, P.O. Box 1000, Chester, PA 19016, 1-800-916-8800, www.transunion.com.
  Fraud Alerts: There are two kinds of general fraud alerts you can place on your credit report —an initial alert and an extended alert. You may want to consider placing either or both fraud alerts on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and re quests that the creditor contact you prior to establishing any accounts in your name. You may have an extended alert placed on your cred it report if you have already been a victim of identity theft and provide the appropriate documentary poof. An extended fraud alert is also free and will stay on your credit report for seven years. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com. Military members may also place an Active Duty Military Fraud Alert on their credit reports while deployed. An Active Duty Military Fraud Aler t lasts for one year and can be renewed for the length of your deployment Credit or Security Freezes: Under U.S. law, you have the right to put a credit freeze, also known as a security freeze, on your credit file, for up to one year at no cost. The freeze will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your abi lity to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. There is no fee to place o r lift a security freeze. For information and instructions on how to place a security freeze, contact any of the credit reporting agencies or the FTC identified above. In order to place a security freeze, you may be required to provide the consumer reporting agency w ith information that identifies you including your full name, Social Security number, date of birth, current and previou s addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement. After receiving your freeze request, each credit bureau will provide you with a unique PIN or password. Keep the PIN or password in a safe place as you will need it if you choose to lift the freeze. A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it altogether. If the request is m ade online or via phone, a credit bureau must lift the credit freeze within an hour. If the request is made by mail then the bureau must lift the freeze no later than three business days after receiving your request. IRS Identity Protection PIN: You can obtain an identity protection PIN (IP PIN) from the IRS that prevents someone else from filing a tax return using your Social Security number. The IP PIN is known only to you and the IRS and helps the IRS verify y our identity when you file your electronic or paper tax return. You can learn more and obtain your IP PIN here: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin. You also have certain rights under the Fair Credit Reporting Act (FCRA): These rights include the right to know what is in your file; to dispute incomplete or inaccurate information; to have consumer reporting agencies correct or delete inaccurate,

incomplete, or unverifiable information. For more information about the FCRA, and your rights pursuant to the FCRA, please vi sit http://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf. Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your respective state attorney general about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the attorney general in your state. Additional information: District of Columbia: The Office of the Attorney General for the District of Columbia can be reached at 400 6th Street, NW, Washington, DC 20001; 202-727-3400; oag@dc.gov California: California Attorney General can be reached at: 1300 “I” Street, Sacramento, CA 95814 -2919; 800-952-5225; http://oag.ca.gov/ Maine: Maine Attorney General can be reached at: 6 State House Station Augusta, ME 04333; 207 -626-8800; https://www.maine.gov/ag/ Maryland: Maryland Attorney General can be reached at: 200 St. Paul Place Baltimore, MD 21202; 888 -743-0023; oag@state.md.us or IDTheft@oag.state.md.us North Carolina: North Carolina Attorney General's Office, Consumer Protection Division, can be reached at: 9001 Mail Service Center Raleigh, NC 27699-9001; 877-5-NO-SCAM (Toll-free within North Carolina); 919-716-6000; www.ncdoj.gov New York: New York Attorney General can be reached at: Bureau of Internet and Technology Resources, 28 Liberty Street, New York, NY 10005; 212-416-8433; https://ag.ny.gov/ Oregon: Oregon Office of the Attorney General can be reached at: Oregon Department of Justice, 1162 Court St. NE, Salem, OR, 97301, 1-877-877-9392, www.doj.state.or.us Rhode Island: Rhode Island Attorney General can be reached at: 150 South Main Street Providence, RI 02903, http://www.riag.ri.gov. The total number of Rhode Island residents receiving notification of this incident i s zero. Texas: Texas Attorney General can be reached at: 300 W. 15 Street, Austin, Texas 78701; 800-621-0508; th texasattorneygeneral.gov/consumer-protection/ Vermont: Vermont Attorney General’s Office can be reached at: 109 State Street, Montpelier, VT 05609; 802 -828-3171; ago.info@vermont.gov