InStream, a company based in Buffalo, has disclosed a data privacy event involving unauthorized access to its systems, raising concerns for clients regarding the security of their personal information.
The data incident was identified after the company noticed performance issues with its systems during the week of July 20 to July 25, 2024. After conducting an investigation, InStream found that an unknown actor was able to access certain systems in its Buffalo office, during which data was copied from the network. "We take this event very seriously and we moved quickly to investigate and respond," said InStream’s spokesperson.
"We take this event very seriously and we moved quickly to investigate and respond,"
The company completed its careful review of the data by April 23, 2025, which indicated that various types of sensitive information were involved. This included names, addresses, dates of birth, Social Security numbers, government-issued identification, financial account details, medical information, health insurance data, student identification numbers, and academic records.
As part of remediation efforts, InStream has since implemented several protective measures to enhance the security of its systems. The steps taken included securing the network, taking affected systems offline, conducting thorough investigations, and notifying law enforcement authorities. Alongside these actions, InStream began informing potentially affected clients and individuals as more information became available.
Impact and Legacy
InStream also reached out to those potentially impacted to provide assistance. "In addition to this website notice, notices were mailed to individuals, where address information is available," said the spokesperson. The company also took an extra precaution by offering complimentary credit monitoring services to affected individuals to help safeguard their personal information.
"In addition to this website notice, notices were mailed to individuals, where address information is available,"
InStream emphasizes that individuals should remain vigilant against identity theft and fraud. "We encourage individuals to review their account statements and monitor their credit reports for any suspicious activity," noted the spokesperson. Prompt reporting of unusual activity to relevant organizations is advised.
"We encourage individuals to review their account statements and monitor their credit reports for any suspicious activity,"
For additional support, InStream has established a dedicated assistance line for inquiries about the incident. Those concerned about the event are encouraged to reach out at 833-931-7884 for further information.
InStream also provided suggestions on how individuals can protect their personal information from potential misuse. Consumers are entitled to one free credit report annually from each of the major credit bureaus: Equifax, Experian, and TransUnion. They can obtain this report at www.annualcreditreport.com.
Furthermore, individuals can choose to place fraud alerts or credit freezes on their credit reports at no cost. A fraud alert requires creditors to take additional steps to verify identity, while a credit freeze prohibits the release of credit report information without the consumer’s authorization. Consumers seeking to initiate these actions must provide certain identifying information, potentially including a police report in cases of identity theft.
Looking Ahead
As organizations continue to face cybersecurity threats, InStream's proactive approach illuminates the importance of data security measures and the need for continuous improvement in these practices. The company’s ongoing commitment to strengthening its policies and security tools will be instrumental in preventing similar occurrences in the future and reassuring clients of their commitment to information safety.
