CLIENT or CLIENT customers can report a Consumer who suspects or has evidence of Identity Theft to defend-id for assignment to a Recovery Advocate through a secure web portal or by a designated toll-free phone number. A Consumer Plan Member may also contact defend-id directly using a designated toll-free phone number. In the case of online submission, CLIENT or CLIENT customers will verify the consumer’s eligibility for benefits and defend-id will respond to the Consumer within one business day of submission of the request for defend-id Services.

If the Recovery Advocate determines that Identity Theft or a compromise has occurred, a Recovery Advocate will provide the following services as needed:

1. Directly contact the Plan Member or Affected Consumer and open an Identity Theft recovery case.
   1. The Recovery Advocate will attempt to contact the Plan Member or Affected Consumer by phone at least three (3) times within five (5) business days following submission of the case and, if there is no phone contact, will send an email to the Plan Member or Affected Consumer if an email address is provided.
   2. If no response from the Consumer within five (5) business days of the case submission, defend-id will mail a letter to the Consumer at the address provided by the person who submitted the case advising the Consumer of our attempts to contact them and will close the case as “no response”.
2. Provide initial consultation and analysis with the impacted Consumer to identify potential compromise or confirmed Identity Theft.
   1. Collect information regarding misuse of the Consumer’s accounts.
   2. Create and maintain a case file to document the identity fraud.
   3. Access and review the Consumer’s credit files with the Consumer to determine the accuracy of the file and potential areas of fraud.
3. Provide the impacted Consumer with a secure login to a complementary personal subscription to the defend-id Services which includes:
   1. The ability for the Consumer to initiate three-bureau credit monitoring and other complimentary identity detection services for the duration of the recovery process and for twelve (12) month thereafter.
   2. Alerts of new or suspicious activity, sent as often as daily by email or email and SMS text.
   3. The ability for the Consumer to view recovery case notes and other documentation online.
   4. The ability for the Consumer to access, view and print recovery case documents uploaded on their behalf by their Recovery Advocate.
4. Provide a recovery package via overnight mail or email, at the option of the Consumer and at no cost to the Consumer, with the necessary forms and instructions, including a limited power of attorney authorization form and Identity Theft affidavit.
   1. Recovery package will include instructions for the completion of the included documentation as well as the direct contact information (name, email, phone, and fax) for the Recovery Advocate assigned to the case.
   2. Recovery package will include return instructions including prepaid overnight postage.
   3. If the package is not returned within ten (10) business days of the delivery, the Recovery Advocate will attempt to contact the Plan Member or Affected Consumer by phone at least three (3) times in the following five (5) business days. If there is no phone contact and there is an email address provided, the Recovery Advocate will send an email to the Plan Member or Affected Consumer.
   4. If there is no response from the Plan Member or Affected Consumer within ten (10) business days of the recovery package delivery, the Recovery Advocate will mail a letter to the Affected Consumer at the address provided by the person who submitted the case advising the Affected Consumer of our attempts to contact them and close the case as “no response”.
5. Diligently strive to restore the Consumer’s identity to pre-Identity Theft event status, by conducting the work necessary to reverse Identity Theft and restore the Consumer’s identity, as appropriate:
   1. Assist the Consumer with the placement of fraud alerts with the three major credit bureaus
   2. Notify the three major credit bureaus, and the Consumer’s affected creditors, financial institutions, utility providers and other impacted entities of suspected or confirmed Identity Theft.
   3. Provide assistance with filing a Police Report to document the Identity Theft.
   4. Research and investigate potential damage to Consumer’s identity with creditors, governmental agencies, financial institutions and others.
   5. Provide assistance with obtaining and reviewing the Consumer’s Social Security Personal Earnings and Benefits Statement.
   6. Provide information to the Federal Trade Commission, and to other government agencies, as appropriate.
   7. File disputes with financial institutions, creditors, government agencies and others disputing the fraudulent activity on behalf of the Consumer utilizing a limited power of attorney.
   8. Provide follow-up with entities to whom disputes have been filed until fraudulent activity has been reversed or deemed valid.
   9. Provide other assistance as defend-id might reasonably be able to offer a Consumer on a case by case basis as determined at the sole discretion of defend-id. Such other assistance as may be agreed upon by the parties or defend-id and the Consumer.
6. Assist the Consumer in replacing lost or damaged documents and credentials such as credit cards, U.S. passports, insurance policies, licenses and other local, state andU.S. government issued documents. This Service is available to all Eligible Consumers regardless of whether or not a Consumer has declared an Identity Theft event.
7. Following the recovery process, the Recovery Advocate will:
   1. Provide confirmation, using the Consumer’s preferred communication method, to the Consumer that the case has been closed and Identity Theft has been resolved.
   2. Provide access for the Consumer to their credit reports from the three bureaus to prove that fraudulent activity has been expunged, as appropriate.
   3. Provide Consumer with access to continued complimentary credit monitoring for 12 months following the resolution of the Identity Theft case.
   4. Periodically contact the Consumer throughout one year following resolution of their Identity Theft recovery case.
   5. Provide Consumer with access to education through online resources, including interactive Identity Theft risk test, protection tips, news and other general Identity Theft awareness information.

1. Credential Vault - A service which provides an on-line means for the Consumer to store information on no less than 50 critical or sensitive documents and credentials such as bank accounts, credit cards, passports, mortgages and other loans.
2. Internet Dark Web Monitoring - A form of identity monitoring with daily alerts to identify inappropriate instances of the Consumer’s personal information on the internet, including black market sites and records derived from known data breach events. The service provides a means for the Consumer to register no less than 50 bank accounts, credit cards and other sensitive information and credentials to be monitored together with their personally identifying information provided by the Consumer during registration and maintained in the Profile section within the Consumers’ account. Alerts are triggered upon the first discovery of the suspicious information and are delivered by email and by optional SMS text message. Results include the information that was found and the source of the suspicious information.
3. SSN Monitoring - Monitors for changes in the Consumer’s name and/or aliases in their TransUnion credit file. Alerts are triggered upon a change in the status of the name/SSN combination and are delivered by email and by optional SMS text message,
4. Criminal Data Monitoring - Monitors state and local arrest and incarceration records for any records matching the Consumers personally identifying information. Alerts are triggered upon the discovery of a match between the registered Consumer and the criminal records database and are delivered by email and by optional SMS text message.
5. Address Change Monitoring - Monitors for any type of address change in a Consumer’s TransUnion credit file. Alerts are triggered upon the discovery of an address change and are delivered by email and by optional SMS text message.
6. Identity Theft Expense Reimbursement Insurance - Consumer insurance that pays for expenses incurred in the recovery of a Consumer’s identity with specific aggregate limits. All levels of coverage have no deductible. This description is a summary only. It does not include all terms, conditions and exclusions of the policies described. Coverage is not available to residents of the state of New York and may not be available in all jurisdictions in the future.

1. Pre-Data Breach Services - The following Services are available to Plan Members at any time during the Benefit Period, regardless of whether the Plan Member has declared a Data Breach event.
1. Cyber Security Risk Assessment Questionnaire with recommendations to reduce risks identified by the assessment available for viewing and download.
2. Template Information Governance Policy and Action Plan available for viewing and download.
3. Various educational materials available for viewing or download.
4. Quarterly cyber security webinar training sessions.
5. Quarterly email newsletters focused on cyber security issues including information privacy legislative issues and emerging cyber threats.
6. Monthly cyber security event summary email.
7. Flash email alerts concerning immediate cyber threats.
8. Business Internet Credential Monitoring for up to 50 sensitive business credentials such as bank or credit card account information.
9. Additional, optional live and/or onsite information governance and cyber security consulting and training at preferred rates available only to Plan Members.
10. Live consultation with an information governance and cyber risk expert. The length of this consultation period is stated in each executed SOW.
2. Data Breach Response Planning and Notification Services - The following Services are available in response to a Data Breach event declared by Plan Member:
1. Services are limited to the number of Data Breach events stated in each executed SOW. Services for additional Data Breach events are available for an additional fee.
2. Services are limited to Data Breach Events which involve sensitive, personally identifiable information or data relating to employees, customers, clients or other Consumers which is gathered, and stored on local servers. Services are not available where this information or data originates from offices, branches or locations that are not Plan Member’s but are connected to the Plan Member by a remote system.
3. Live response 24/7/365 to answer questions, receive reports of a suspected Data Breach event and recommend critical first steps.
4. Dedicated point of contact from defend-id to respond to calls, deliver critical documents and address ongoing concerns.
5. Comprehensive information gathering and assessment process to determine the nature and extent of the Data Breach event and applicable federal and state notification requirements.
6. Live consultation with an information governance and cyber risk expert. The length of this consultation period is stated in each executed SOW.
7. Creation of a detailed plan and timeline to provide a response to the Data Breach event.
1. Recommend notification letter content to governmental agencies and Affected Consumers based on the circumstances and compliance requirements of the Data Breach event.
2. Recommendations and preferred pricing for additional services to Affected Consumers that may be required or beneficial including credit or non-credit monitoring and identity theft recovery services.
3. Recommendations and preferred pricing for address management, mailing and call center services that may be required or desirable to incorporate into the response plan.
4. Recommendations concerning public relations communications and frequently asked questions to employees, the press, general public and others.
5. Recommendations concerning communication and interaction with law enforcement agencies.
3. Provide preferred pricing for optional, additional services as elected by the Plan Member to support the specific needs of the response plan:
   1. Optional live and/or onsite post event consultation, investigation and forensic analysis services for an additional fee.
   2. Internet Monitoring - A form of identity monitoring with daily alerts to identify inappropriate instances of the Affected Consumer’s personal information on the internet, including black market sites and selected social networking sites (Facebook, Twitter and LinkedIn). Credential Vault provides a means for the Affected Consumer to securely register up to 50 bank accounts, credit cards and other sensitive information and credentials to be monitored together with their personally identifying information provided by the Affected Consumer during registration.
   3. Public Records/Database Monitoring - a form of identity monitoring which analyzes very large quantities of public and purchased data to provide daily alerts when changes are found in the Affected Consumer’s personal information, including name, address, date of birth and SSN, that may indicate possible identity fraud.
   4. One Bureau Credit Report with Score.
   5. Three Bureau Merged Credit Report with Scores - from Experian, Transunion and Equifax.
   6. One Bureau Credit Monitoring of the Affected Consumer’s credit file with email and optional text alerts to changes in their credit profile.
   7. Three Bureau Credit Monitoring of the Affected Consumer’s Experian, Transunion and Equifax credit files with daily or weekly email and optional text alerts to changes in their credit file with any of the three credit bureaus.

1. Services, equal to the Services described in item 1 above, are available at any time during the Term subject to the terms and conditions of this Agreement.
2. Services for Fully Managed Recovery are limited to the number of Affected Consumers per Data Breach event stated in each executed SOW. Additional Services for Fully Managed Recovery for Affected Consumers are available for an additional fee.
3. Affected Consumers must be clearly identified to defend-id by name and address in an electronic format approved by defend-id.

1. Fully Managed Recovery Services for Employees of the Plan Member and Their Eligible Family Members.
   1. Services, equal to the Services described in item 1 above, are available at any time during the Term subject to the terms and conditions of this Agreement.
   2. Eligibility for Services to the employee or their eligible family member is based on identity theft events that are discovered or first known to the employee or their eligible family member and reported to defend-id during the benefit period. Identity theft events that are discovered or first known to the employee or their eligible family member prior to their benefit period are not eligible for Services under this Agreement.
2. Identity Fraud Recovery Services for Business Plan Members

   If business identity theft occurs a professionally-trained Identity Theft Recovery Advocate, who is an employee of defend-id, will be assigned to provide the following services as needed:

   1. Business identity fraud recovery services may not be combined in the same product bundle with any other business service.
   2. Services are limited to two (2) Business Identity Theft events in any twelve (12) month period.
   3. Initial response by defend-id within one business day.
   4. Advice for the Company Representative on any immediate actions that would be prudent to stop the damage from continuing.
   5. Notification to the three major business credit bureaus, Better Business Bureau and the business Plan Member’s affected creditors, financial institutions, and other agencies as appropriate.
   6. Assistance with filing a police report, as necessary.
   7. Collect information regarding the misuse of the Business Plan Member’s accounts.
   8. Create and maintain a case file to document the identity fraud.
   9. Provide an initial review, and follow up reviews as needed, of the Business Plan Member’s Dun & Bradstreet (“D&B”) business credit report with the Company Representative to determine potential areas of fraud.
   10. Provide monitoring of the Business Plan Member’s D & B business credit report to identify potentially fraudulent activity. Monitoring will continue for a period of one year including the recovery period.
   11. Provide information to the Secretary of State, State Corporation Commission, FTC, and to other government agencies as appropriate.
   12. Research and investigate potential damage to the Business Plan Member’s identity and diligently strive to restore the business Plan Member’s identity to pre-event status.
   13. Other assistance as defend-id might reasonably be able to offer to the Business Plan Member as determined at defend-id’s sole and absolute discretion.
   14. Such other assistance as may be agreed upon by defend-id and the Business Plan Member.