Notice to Our Employees of Data Security Incident

Star Group, L.P. (“Star”) is committed to protecting the privacy of our employees’ information. We are currently in the process of notifying current and former employees, as well as certain beneficiaries and dependents of those employees, of an incident that involved some of their information. This notice describes the incident, measures we have taken, and some steps that our employees may consider taking in response.

We identified a security incident that resulted in the encryption of certain systems within the Star environment. We immediately began to investigate, an outside cybersecurity firm was engaged, law enforcement was contacted, and actions were taken to address the incident and restore operations. Based on our investigation, we determined that an unauthorized person obtained access to systems between July 15, 2021 and July 17, 2021, and accessed information maintained on our systems. Over the past several months, we have been working to determine the extent of the access and specifically which documents were involved and their content. Although this review is ongoing, on August 24, 2021, we discovered that the information accessed by the unauthorized person included documents relating to Star Group’s health plan. At this point in our review, it has been determined that the documents included some of plan members’ information, including names and Social Security numbers, and may have contained one or more of the following: addresses, dates of birth, and health insurance information, such as member identification numbers, claims data and plan selection information.

We are mailing letters to all current and former employees, as well as certain beneficiaries and dependents of those employees, whose information is identified in the documents involved. We have also established a dedicated, toll-free call center to answer employee questions. If you have questions, please call 1-855-551-1668, Monday through Friday, from 9:00 a.m. to 6:30 p.m., Eastern Time. For those whose Social Security numbers and/or driver’s license numbers are involved, we are offering complimentary credit monitoring and identity protection services. We also recommend that you remain vigilant for signs of unauthorized activity by reviewing any statements that you receive relating to your health insurance. If you identify any charges or activity that you did not authorize, please contact us immediately.

Star sincerely regrets that this incident occurred and apologizes for any inconvenience this may cause you. To help prevent something like this from happening again, and to further protect health plan data, we took steps to enhance our existing network security protocols and enabled technical protections and monitoring tools on our systems.