Update July 2, 2025
Last month, Doyon shared information about a data security incident our company experienced in April 2024. In an effort to continue communication about this incident, we would like to answer some Frequently Asked Questions about the event, Doyon’s response, and what we’re doing to assist impacted individuals.
Q: What happened?
A: In April 2024, Doyon was targeted by a criminal hacker utilizing sophisticated cyberattack tools. Since the incident, Doyon has worked with law enforcement and undertaken a thorough investigation. Doyon has also taken steps to enhance network security and taken additional security measures. With the help of Kroll, an outside incident response consultant, Doyon is notifying individuals whose personal information was identified as potentially being impacted and offering them the ability to sign up for free credit monitoring to protect against identity theft.
Q: I received a letter in the mail. Is this fraudulent, a scam, or a real incident?
A: A letter on Doyon, Limited letterhead was issued to individuals who were identified as having personal information potentially impacted in response to a real data security incident. We encourage those potentially impacted to take advantage of the identity monitoring services offered.
The letter received is specific to each individual recipient, and those individuals need to contact Kroll if they want to enroll in credit monitoring services. If you have questions about how to enroll, please call Kroll.
Q: What services am I being offered?
A: Doyon has offered free credit monitoring implemented through a third-party consultant to individuals whose personal information was identified as being potentially impacted by the incident. Although not every state requires it, Doyon is offering this service at no cost for two years to individuals whose personal information is known to potentially be affected, which goes above and beyond most states’ requirements. Doyon has also provided notified individuals with recommendations and a guide for contacting the credit reporting agencies to initiate a fraud alert or a security freeze, and steps on how to report incidents of fraud and identity theft to the Federal Trade Commission, and information about reporting to law enforcement.
Q: Why has it taken so long to notify me?
A: Doyon immediately notified law enforcement officials and launched an investigation into the incident. With the help of outside counsel and incident response experts, Doyon undertook a complicated process of working to identify people whose personal information may have been impacted and who required notice under applicable law. Doyon takes your privacy seriously and takes its responsibility to protect your privacy seriously. Doyon apologizes for whatever inconvenience this incident may cause you and wants to be sure that you are aware of the credit monitoring service and advice described in the letter you received.
Q: I did not receive a letter notifying me to call Kroll or that my information was breached. What can you tell me?
A: Our outside incident response consultant Kroll sent or is sending notification letters to individuals if Doyon determined that their Personal Information or Protected Health Information may have been affected by the incident, in accordance with legal requirements. If individuals do not receive a letter from Kroll, Doyon has not concluded that their Personal Information or Protected Health Information may have been compromised.
Update June 12, 2025
In April 2024, Doyon, Limited was targeted by a criminal hacker that used sophisticated cyberattack tools to gain unauthorized access to our IT systems and steal information.
Our IT team moved quickly to contain the incident. Thanks to swift action, Doyon restored systems within 48 hours. Critically, there were no major disruptions to business operations during the incident.
Doyon reported the incident to law enforcement and retained outside counsel, which engaged an outside incident response consultant to help investigate and assess Doyon’s legal obligations.
After a thorough forensic investigation, we determined that the hackers possibly accessed files containing some Personal Information (PI), as defined under different states’ laws, and Protected Health Information (PHI), as defined under the federal Health Insurance Portability and Accountability Act (HIPAA). Some Doyon shareholders, current and former employees, and their dependents are among the individuals affected.
We know this news is concerning. That’s why Doyon is offering two years of free credit monitoring to all individuals whose information was affected through our partner, Kroll. Letters are being mailed directly to impacted individuals with instructions on how to enroll in these services and further safeguard their data. If individuals do not receive a letter from Kroll, Doyon did not conclude that their PI or PHI may have been compromised.
Since the incident, Doyon has implemented a range of new security measures across the company. Our IT team, supported by external experts, continues to prioritize and enhance system security. While many protections are behind the scenes, some users may have noticed changes and may encounter new changes as we continue to strengthen safeguards and train employees.
For the latest updates, or if you have further questions about this incident, please reach out to our support team at data.security@doyon.com. Our priority in responding to this incident is to protect our systems and support individuals impacted. Doyon has also set up a phone number where people can leave a voice mail with questions and concerns, the phone number is 907-452-0507.
