XML 34 R21.htm IDEA: XBRL DOCUMENT

Note 15 - Cyber Event	12 Months Ended
Dec. 31, 2022
Notes to Financial Statements
Cyber Event [Text Block]	*Note 15.* Cyber Event** On December 25, 2021, we detected a ransomware attack that accessed and encrypted a small portion of our information technology systems. The unauthorized access included the download of non-payment processing related data files from our externally hosted Office 365 environment which is separate from our payment processing environment. Throughout the incident, we remained operational. Promptly upon the detection of the event, we launched an investigation, notified law enforcement and our insurance carrier, and engaged legal counsel, computer forensic firms and other incident response professionals. We also implemented a series of containment and remediation measures to address this situation and reinforce the security of our information technology systems. Our systems were not only fully restored and capable of resuming normal operations to the extent they were impaired, but enhanced following our immediate and long term response. This cyber event had no material impact on the business, and no cardholder, or payments related data was compromised. The Company has undertaken and continues to undertake certain system upgrades and re-platforming efforts designed to improve the security, availability, reliability, resiliency, and speed of its information technology systems in order to prevent and mitigate such events in the future, and believe this incident to be resolved.

Note 15 - Cyber Event

12 Months Ended

Dec. 31, 2022

Note 15. Cyber Event

On December 25, 2021, we detected a ransomware attack that accessed and encrypted a small portion of our information technology systems. The unauthorized access included the download of non-payment processing related data files from our externally hosted Office 365 environment which is separate from our payment processing environment. Throughout the incident, we remained operational. Promptly upon the detection of the event, we launched an investigation, notified law enforcement and our insurance carrier, and engaged legal counsel, computer forensic firms and other incident response professionals. We also implemented a series of containment and remediation measures to address this situation and reinforce the security of our information technology systems. Our systems were not only fully restored and capable of resuming normal operations to the extent they were impaired, but enhanced following our immediate and long term response.

This cyber event had no material impact on the business, and no cardholder, or payments related data was compromised. The Company has undertaken and continues to undertake certain system upgrades and re-platforming efforts designed to improve the security, availability, reliability, resiliency, and speed of its information technology systems in order to prevent and mitigate such events in the future, and believe this incident to be resolved.