1. What happened?

On February 26, 2020, Rogers became aware that one of our external service providers had inadvertently made information available online that provided access to a database managed by that service provider. We immediately made sure the information was removed and began an investigation to see how many customers might have been impacted. No credit card, no banking, or no password information was exposed. We are directly contacting any customer whose information was in the database. We sincerely apologize for this incident and regret any inconvenience this may cause.

2. How do I know if I was impacted?

Rogers is directly contacting all customers whose information is included in the database via email. If we don’t have an email address on file for you, you will receive a letter.

3. What information was visible?

Customer information that was used by the service provider to fulfill promotional offers on behalf of Rogers was included in the vendor database. This was limited to customer name, address, account number, email address and telephone number. No credit card, no banking, or no password information was exposed.

4. How do I know my account information is safe?

Rogers customer databases remain secure and were not impacted by this incident. We are committed to protecting our customers’ personal information and acted quickly to secure customer information. We have rigorous policies and procedures in place to fully comply with all Canadian privacy laws and regulations, and act promptly if an issue arises.

5. What have you done to ensure this doesn’t happen again?

We take the protection of our customer’s private information seriously, and regret what occurred. We immediately made sure customer information was secured. We require our vendors to use best-in-class privacy and security measures to protect customer information. Best practices are constantly evolving, and we will continue to review our policies and procedures and update if necessary.

6. What are you doing to protect impacted customers?

Securing impacted customers’ accounts is the most important action a company can take during a privacy incident and we immediately took steps to do so. As a precaution, we’re taking extra steps to protect affected customers. This includes:

• notifying impacted customers directly

• offering a complimentary credit monitoring service through TransUnion that provides credit monitoring and alerts, and fraud identity insurance. Customers who are affected will receive details in the email or letter we send them.

• adding extra authentication procedures to impacted accounts. When those customers call us to discuss their account, they will be asked for additional information to verify their identity. This is information that’s easy for the customer to provide and would only be known by them

Some wireless account numbers were included in the vendor database. If a customer’s wireless account number was included, we added a block to their account (called port protection) to prevent their phone number from being transferred to another carrier without their authorization. Customers can call us if they wish to remove this block.

Customers can also add additional security measures to their account, such as adding a security PIN or registering for the Voice ID program, by contacting us directly.

7. How do sign up for the credit monitoring service?

Impacted customers will receive a notification that includes details of an activation code. If you receive a notification and wish to activate this service, please go to www.mytrueidentity.ca and enter your activation code by June 30, 2020. The service includes:

• Daily access to your credit score on Trans Union’s website, as well as credit report monitoring and alerts of key changes

• Monitoring hidden websites where personal information might be made available to unauthorized users

• Up to $50,000 in fraud identify insurance should your information be compromised.

8. I didn’t get an email with an activation code number. How do I get a code number?

If you did not receive a notification from us, then you were not impacted by this event. If you have misplaced your activation code, please contact our customer service team for further assistance.

9. What can I do to protect myself?

In addition to the security measures taken by Rogers, customers are encouraged to adopt good habits to ensure their personal information remains secure. For example:

• change your passwords and security questions frequently;

• review all your service and financial accounts for any suspicious activity;

• never click links or open attachments in unsolicited emails and text messages;

• use secure WiFi connections when making online purchases or checking bank accounts;

• be suspicious of any emails or text messages asking for personal information; and

• contact us if you have concerns about any activity on your Rogers account.

Visit www.rogers.com/contactus for assistance