Updated Tuesday, April 9, 2019
flexPATH Strategies, a subcontractor that provides Multnomah County’s retirement plan consultants with investment analysis, this week sent letters to any plan participants at the County impacted by a security breach the company experienced. The breach potentially involved the personal information of 5,945 current and former employees. The company notified the County last month, and this week, flexPATH mailed affected plan participants directly with information on how to get help.
The breach did not involve, compromise, or impact any Multnomah County information systems.
What happened:
flexPATH informed the County that the names and Social Security numbers of current and former employees was compromised. The County only has details as provided by the County subcontractor, flexPATH. flexPATH is a subsidiary of the County's deferred compensation plan advisor, SST.
What has the County done?
The County has provided an initial notification to many of its current plan members who are also current employees. flexPATH mailed a formal notification letter to their home addresses.
The notification from flexPATH includes offers of free credit monitoring and contact information. A sample of the letter flexPATH sent to employees is as follows: Sample flexPATH letter to employees. (429.78 KB). The County has also asked flexPATH to notify employees of all of the personal identifiers compromised in their breach notification letter.
How do County current and former employees know if their information was held by this company?
The County was able to identify the current employees affected, email them directly. Anyone with questions should email flexpathinfo@multco.us and someone will get back to you.
What’s next?
The County takes privacy and security very seriously and want to keep you informed and apprised of what we know as more information becomes available.