Notice of Data Incident

NOTICE OF DATA INCIDENT

What Happened?

In September 2025, the Public Relations Society of America (“PRSA”) detected suspicious activity in its computer systems and immediately launched an investigation and took steps to contain and remediate the situation, including isolating the potentially impacted systems, changing relevant passwords, notifying federal law enforcement, and engaging data security and privacy professionals to assist with its response. Based on the findings from the investigation, an unauthorized actor gained access to the PRSA server environment and copied a limited amount of data. PRSA has worked continuously since September to investigate the matter and identify the individuals whose data was potentially impacted in order to notify them as soon as possible. PRSA is unaware of any identity theft or financial fraud resulting from this incident.

What Information Was Involved?

Based on the findings of the investigation, the following types of information may have been impacted: name, date of birth, Social Security number, driver’s license number, passport number, financial account information, health insurance information, medical condition or treatment information, user name and access information for a non-financial account, student identification card number, and/or, in very limited situations, credit card information.

Note that this describes general categories of information identified as present within the affected PRSA files during the incident and includes categories that are not relevant to each individual whose information may have been present.

What We Are Doing.

Upon becoming aware of the incident, PRSA conducted a thorough investigation with the assistance of data security professionals, contained and remediated the unauthorized activity, and reported the incident to federal law enforcement. After determining that there was unauthorized activity within PRSA’s systems, PRSA immediately began analyzing the information involved to confirm the identities of potentially affected individuals and notify them. The PRSA team has worked diligently to complete its investigation and report this incident to relevant government agencies.

What Can Impacted Individuals Do?

PRSA encourages individuals to remain vigilant against potential identity theft and fraud, regularly monitor free credit reports, review account statements, and report any suspicious activity to financial institutions. Under U.S. law, individuals are entitled to one (1) free credit report annually from each of the three (3) major credit reporting bureaus. Please also review the “Additional Resources” section below, which outlines other resources you can utilize to protect your information.

We take this incident and the security of information in our care seriously. If you have any questions, you may contact us at 844-443-1769 Monday through Friday from 9 am to 6:30 pm Eastern Time (excluding U.S. holidays).

Steps You Can Take to Protect Your Personal Information

To obtain a free credit report, individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.

Alternatively, affected individuals can contact the three (3) major credit reporting bureaus directly at the addresses below:

Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2104, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19022, www.transunion.com, 1-800-888-4213

Free Credit Report. It is recommended that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit report for unauthorized activity. You may obtain a copy of your credit report, free of charge, once every twelve (12) months from each of the three nationwide credit reporting agencies.

To order your annual free credit report please visit www.annualcreditreport.com or call toll free at 1-877-322-8228.

You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available from the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

Fraud Alert.You may place a fraud alert in your file by calling one of the three nationwide credit reporting agencies above. A fraud alert tells creditors to follow certain procedures, including contacting you before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit.

Security Freeze.You may obtain a security freeze on your credit report, free of charge, to protect your privacy and ensure that credit is not granted in your name without your knowledge. You may also submit a declaration of removal to remove information placed in your credit report as a result of being a victim of identity theft. You have a right to place a security freeze on your credit report, free of charge, or submit a declaration of removal pursuant to the Fair Credit Reporting Act (“FCRA”).

The security freeze will prohibit a consumer reporting agency from releasing any information in your credit report without your express authorization or approval. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. When you place a security freeze on your credit report, you will be provided with a personal identification number, password, or similar device to use if you choose to remove the freeze on your credit report or to temporarily authorize the release of your credit report to a specific party or parties or for a specific period of time after the freeze is in place.

To place a security freeze on your credit report, you may be able to use an online process, an automated telephone line, or a written request to any of the three credit reporting agencies listed above. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Department of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, and display your name, current mailing address, and the date of issue.

FTC and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the FTC and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or avoid identity theft. Contact information for the Consumer Response Center of the FTC is 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/bcp/edu/microsites/idtheft/ or 1-877-IDTHEFT (438-4338).