Delorme has just announced a major theft of all their user personal information. If you have a delorme unit, it may be worthwhile to see what they stole and taking appropriate actions. It looks like they don't take any responsibility for protecting the data.
I use the Delorme Inreach SE for emergency
communication and tracking on bluewater trips. I know some use this same unit for remote
backcountry location and communications
as well. Delorme, as a smaller sized company than say Iridium
, has just announced in the email
below that its system was hacked and all personal data including emergency
contacts and even your medications that you were taking has been lost
and likely sold on the open market.
Here is a copy of the email
sent to me: Dear inReach Customer,
We are contacting you because we have learned of a data security
incident that occurred on March 11, 2015, which involved some of your personal information.
The incident involved Explore.DeLorme.com accounts for inReach satellite
communicators activated between July 30, 2014 and March 5, 2015. Suspicious activity was detected by a member
of DeLorme's web team who was conducting a routine daily review of the activity log. The specific security
issue was identified and we began applying corrective actions within the hour, which will minimize the effect of the incident and prevent its recurrence. DeLorme has also notified, and is working with, appropriate law enforcement officials to investigate the issue. While this cyber attack was not severe, DeLorme is taking this event very seriously. We are in the process of implementing even stricter login/password requirements and processes, as well as an extensive audit of our public-facing access methods.
The information potentially accessed by the cyber attackers contained inReach customer names, mailing addresses, email addresses, telephone numbers, text in the emergency notes field, and, in some cases, dates of birth, as well as the names and addresses of individuals identified by customers as emergency contacts. No other information was compromised, specifically no financial information, passwords or other personal identity information, such as credit card numbers and bank account information. All inReach message traffic, GPS
location information, and contact address books
stored in the Explore portal remain secure and uncompromised. As a reminder, DeLorme does not ever collect customers' social security numbers.
While we have no information to indicate that your information has been or will be misused, we believe it is important that you be informed of this incident and that you take precautions to protect against possible misuse or identity theft. While no password information was compromised in this incident, we are notifying you so you can take action, along with our efforts, to minimize potential harm. We strongly encourage you to take preventive measures now to help prevent and detect any misuse of your information and ensure a safer online experience, such as the following:
(1) Frequently change any passwords that you use with any websites, including your Explore.DeLorme.com login. Be sure to create strong passwords that include a combination of letters, numbers and special characters. For tips on creating a strong password and other online safety
suggestions, visit: https://passwordday.org/en/
(2) Report any suspicious emails or phone
calls you receive from someone claiming to be from DeLorme or associated with our inReach product. DeLorme will never ask you for your social security or other ID numbers, such as passports and driver's licenses. To report any suspicious activity, please email us at firstname.lastname@example.org
. If someone claiming to be from DeLorme contacts you via phone
and you have any doubts or concerns, please end the call immediately and contact us directly through one of our official communication methods to complete the conversation or report your concerns.
We sincerely regret that your information may have been subject to unauthorized access and any subsequent inconvenience that this incident presents to you. DeLorme is committed to maintaining the privacy of your information and takes many precautions for the security of personal information. As such, we are committed to continually improving our systems and practices to enhance the security of sensitive information.
If you have any questions concerning your account or this incident, please do not hesitate to contact us. You can reach the Customer Care Team via our contact page.