
Massachusetts DOR Data Breach Notification

Summary

The Massachusetts Department of Revenue issued a sample data breach notification letter to inform individuals about an unauthorized disclosure of personal information due to employee error. The notice outlines the rights of affected individuals, including placing a security freeze, and offers 24 months of free credit monitoring services.

What changed

The Massachusetts Department of Revenue (DOR) has issued a sample data breach notification letter template, as required by Massachusetts General Laws Chapter 93H. This notice informs individuals that their personal information was subject to an unauthorized disclosure due to an employee error on a specific date. While the DOR is not aware of any identity theft or fraud resulting from the breach, the notice details the affected individuals' rights, including the right to obtain a police report and place a security freeze on their credit reports with Equifax, Experian, and TransUnion.

Regulated entities that experience a data breach affecting Massachusetts residents must provide similar notifications. This includes offering credit monitoring services, as the DOR is providing 24 months of free credit monitoring through Experian's IdentityWorks. Affected individuals must enroll by a specified date using provided activation codes. Compliance officers should ensure their organization's data breach response plans align with MGL Chapter 93H requirements, including timely notification and offering appropriate remediation services.

What to do next

  1. Review data breach response plan for compliance with MGL Chapter 93H.
  2. Ensure timely notification to affected individuals in case of a breach.
  3. Provide credit monitoring services as required by state law.

Source document (simplified)

Seal of the Commonwealth of Massachusetts

The Commonwealth of Massachusetts

Department of Revenue Administrative Affairs Division Office of Internal Audit and Risk Management

GEOFFREY E. SNYDER

COMMISSIONER

P.O. Box 7093

Boston, MA 02204-7093

RICHARD J. MORRISSEY

DEPUTY COMMISSIONER

SAMPLE NOTICE

DATE

NAME

ADDRESS

Dear Name:

I am writing to notify you that the Department of Revenue (DOR) determined that on DATE, there was an unauthorized disclosure of your personal information. At this time, DOR is not aware of any information suggesting that your personal information has been used to commit identity theft or fraud. Pursuant to Massachusetts General Laws Chapter 93H, I have attached a notice describing your right to a security freeze, the process for requesting a security freeze, and other relevant information.

In addition, DOR is offering you credit monitoring services for twenty-four (24) months through Experian's IdentityWorks, at no cost to you. If you wish to enroll in these services, you must join by DATE through the Experian website (https://www.experianidworks.com/3bplus). To activate your membership, you need your Activation Code: XXX and Engagement Number: XXX. Please contact an Experian agent at 1-877-890-9332 if you have any questions regarding the credit monitoring services.

If you have any other questions, please contact DOR's Administrative Affairs Division at (617) 626-2130.

Sincerely,

Thomas Serani

Deputy Director of Internal Audit

Administrative Affairs Division

Office of Internal Audit and Risk Management

MASSACHUSETTS GENERAL LAWS CHAPTER 93H NOTICE REQUIREMENTS

Under Massachusetts law, you have the right to obtain any police report filed in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

You may also place a security freeze on your credit reports, free of charge. A security freeze prohibits a credit reporting agency from releasing any information from a consumer's credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing or other services. Under federal law, you cannot be charged to place, lift, or remove a security freeze.

You must place your request for a freeze with each of the three major consumer reporting agencies: Equifax (www.equifax.com); Experian (www.experian.com); and TransUnion (www.transunion.com). To place a security freeze on your credit report, you may send a written request by regular, certified or overnight mail at the addresses below. You may also place a security freeze through each of the consumer reporting agencies' websites or over the phone, using the contact information below:

Equifax Security Freeze

P.O. Box 105788

Atlanta, GA 30348

1-800-349-9960

https://www.equifax.com/personal/credit-report-services/

Experian Security Freeze

P.O. Box 9554

Allen, TX 75013

1-888-397-3742

https://www.experian.com/freeze/center.html

TransUnion Security Freeze

P.O. Box 160

Woodlyn, PA 19094

1-888-909-8872

https://www.transunion.com/credit-freeze

To request a security freeze, you will need to provide some or all of the following information to the credit reporting agency, depending on whether you do so online, by phone, or by mail:

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security Number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, the addresses where you have lived over the prior five years;
  5. Proof of current address, such as a current utility bill, telephone bill, rental agreement, or deed;
  6. A legible photocopy of a government issued identification card (state driver's license or ID card, military identification, etc.);
  7. Social Security Card, pay stub, or W2;
  8. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.

The credit reporting agencies have one (1) to three (3) business days after receiving your request to place a security freeze on your credit report, based upon the method of your request. The credit bureaus must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password (or both) that can be used by you to authorize the removal or lifting of the security freeze. It is important to maintain this PIN/password in a secure place, as you will need it to lift or remove the security freeze.

To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must make a request to each of the credit reporting agencies by mail, through their website, or by phone (using the contact information above). You must provide proper identification (including name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze, as well as the identities of those entities or individuals you would like to receive your credit report. You may also temporarily lift a security freeze for a specified period of time rather than for a specific entity or individual, using the same contact information above. The credit bureaus have between one (1) hour (for requests made online) and three (3) business days (for requests made by mail) after receiving your request to lift the security freeze for those identified entities or for the specified period of time.

To remove the security freeze, you must make a request to each of the credit reporting agencies by mail, through their website, or by phone (using the contact information above). You must provide proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have between one (1) hour (for requests made online) and three (3) business days (for requests made by mail) after receiving your request to remove the security freeze.

HOW TO ACTIVATE YOUR 24-MONTH EXPERIAN IDENTITYWORKS MEMBERSHIP

If you wish to enroll in these services, please activate your membership by following the steps below:

  • Ensure that you enroll by the end date provided on the first page of the letter: (Your code will not work after this date.)
  • Visit the Experian IdentityWorks website to enroll:
    https://www.experianidworks.com/3bplus
  • Provide your activation code from the first page of the letter.

A credit card is not required for enrollment in Experian IdentityWorks.

You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

  • Experian credit report at signup: See what information is associated with your credit file. Daily credit reports are available for online members only.¹
  • Credit Monitoring: Actively monitors Experian, Equifax and TransUnion files for indicators of fraud.
  • Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  • Identity Restoration: Identity Restoration specialists are immediately available to help you address credit and non-credit related fraud.
  • Experian IdentityWorks ExtendCARE™: You receive the same high level of Identity Restoration support even after your Experian IdentityWorks membership has expired.
  • Up to $1 Million Identity Theft Insurance²: Provides coverage for certain costs and unauthorized electronic fund transfers.

If you believe there was fraudulent use of your information and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent at 1-877-890-9332. If, after discussing your situation with an agent, it is determined that Identity Restoration support is needed, then an Experian Identity Restoration agent is available to work with you to investigate and resolve each incident of fraud that occurred (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).

Please note that this Identity Restoration support is available to you for one year from the date of this letter and does not require any action on your part at this time. The Terms and Conditions for this offer are located at www.ExperianIDWorks.com/restoration. You will also find self-help tips and information about identity protection at this site.

¹ Offline members will be eligible to call for additional reports quarterly after enrolling.

² The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

Named provisions

SAMPLE NOTICE MASSACHUSETTS GENERAL LAWS CHAPTER 93H NOTICE REQUIREMENTS

Classification

Agency: GP
Instrument: Notice
Legal weight: Binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Consumers, Employers
Industry sector: 9211 Government & Public Administration
Activity scope: Data Breach Notification
Geographic scope: Massachusetts (US-MA)

Taxonomy

Primary area: Consumer Protection
Operational domain: Compliance
Topics: Data Privacy, Cybersecurity

We'll email you when Massachusetts - Breach Notification Letters (Mar 2026) publishes new changes.