Nov 6, 2024

Dear valued NotaryPro clients,

We are reaching out to both notify and inform you of a recent privacy matter specifically concerning the NotaryPro in-person appointment confirmation system. This communication is intended to provide comprehensive details surrounding the situation, as we prioritize transparency in our data handling practices.

Description of the Issue

Though we do not have an exact start date, we have ascertained that, from an approximate timeframe beginning on or around July 1, 2023, and extending to approximately December 31, 2023, a technical issue associated with our website inadvertently led to a number of in-person notary service appointment confirmation pages being indexed solely by the Bing search engine. This indexing occurred as a result of a technical error that stemmed from a misconfiguration within the ‘noindex’ code settings on the confirmation pages, thereby enabling the Bing search engine to include those pages in specific search results.

These confirmation pages load exclusively and immediately after an individual successfully schedules an appointment, and are specifically for the purpose of allowing clients to conveniently print their appointment details. Outside of this purpose, these pages are not accessible from any NotaryPro website menu or submenu and are, by design, isolated from typical user navigation pathways through the use of a numeric order number URL.

Information Contained on the Confirmation Page

The confirmation pages generated for in-person notary services contained a limited subset of viewable personal information, as follows:

• Client’s Full Name
• Client’s Email Address
• Appointment Date and Time, and the service location, specifically and only the address of the Notary Public office where the scheduled notary service was set to occur. These Notary Public office addresses are already publicly viewable, searchable and readily available via regular search results and are part of how clients discover NotaryPro locations.
• Client’s Phone Number* (*this was accessible only via a web browser code inspection tool and was not viewable on the website itself, as explained in further detail below.)

It is important to note that there was no public exposure of other sensitive or more extensive personal information. Specifically, details such as mailing addresses, service specifications, document descriptions, or any payment-related information were not included on these publicly accessible confirmation pages. Additionally, our in-person notary service intake process does not collect information such as mailing addresses or credit card numbers, and never has.

Phone Number Visibility via Code Inspection Tool

We would like to clarify that, while it was technically feasible for an individual to access a client’s phone number using a browser’s developer inspection tool to view a data object embedded in the website’s underlying code, this particular phone number information was not displayed within the list of indexed search results visible to the general public.

Extent of the Issue

Our records indicate that approximately 100 confirmation pages were confirmed to have been indexed and cached by Bing, and these pages could have potentially appeared in certain search result combinations. For example, if an individual were to search for “NotaryPro” combined with the full name or email address of a person who had previously booked an in-person notary appointment, or by searching for the individual’s name alone, there was a possibility of the confirmation page appearing in the search results.

It should be noted that a general search solely using an individual’s name may not have guaranteed that the confirmation page would appear on the first page of Bing’s search results; however, this type of result was still theoretically possible under certain circumstances.

Our in-depth investigation into the website traffic analytics reveals that only one specific confirmation page was accessed more than once. This repeated access was primarily due to NotaryPro’s own investigative steps taken after being alerted by an individual whose confirmation page had appeared in Bing search results. We are actively continuing to monitor for any additional instances and will take prompt action as needed.

Actions Taken to Address this Issue

Upon becoming aware of this technical issue, beginning on September 5, 2023, we immediately initiated a series of corrective actions, including but not limited to the following steps:

1. We instructed our web developer to comprehensively ensure that all historic and existing confirmation pages were thoroughly deleted and to establish safeguards to prevent future indexing.
2. The website code was updated to enforce an automated deletion process whereby all new confirmation pages are erased 3 days after the appointment date.
3. We implemented a further update to ensure that confirmation pages no longer display full names or email addresses.
4. On September 5, 2024, we accessed Bing Webmaster tools to manually submit a request to block and de-index the confirmation pages.
5. Additionally, on October 11, 2024, we contacted Bing Support to request the immediate removal of any cached indexed pages.

Moreover, beyond these immediate actions, we conducted a thorough and comprehensive security review to proactively identify any potential vulnerabilities. Following this review, we implemented enhanced monitoring protocols to more effectively prevent similar issues from arising in the future.

What You Should Do

At this time, there is no specific action required from you. However, in addition to the extensive measures already implemented by NotaryPro, we have taken further steps to reinforce the security of client information:

• Configured indexing restrictions so that pages will be ignored by all search engines.
• Removed email addresses and full names from the confirmation pages.
• Implemented an automatic deletion policy, ensuring that confirmation pages are removed 3 days after creation.

To further protect yourself, we recommend you consider the following precautions:

• Remain vigilant for potential phishing attempts, particularly any unexpected emails claiming to originate from NotaryPro.
• Exercise caution and avoid clicking on links or downloading attachments from emails that appear suspicious.
• Report any suspicious activity to us directly via the contact information provided below or to your local authorities if necessary.

If you have any concerns or have observed your confirmation page appearing in search results, please do not hesitate to reach out to us at 1-888-313-0909 or by email at [email protected]. Our team is here to assist and address any questions you may have.

Commitment to Privacy

NotaryPro remains unwaveringly committed to safeguarding your personal information. We sincerely regret any inconvenience this incident may have caused and have taken comprehensive measures to ensure the ongoing security and integrity of our systems.

Sincerely,

The NotaryPro Team

[email protected]