Complaints

The complaint text that is displayed might not represent all complaints filed with BBB. Some consumers may elect to not publish the details of their complaints, some complaints may not meet BBB's standards for publication, or BBB may display a portion of complaints when a high volume is received for a particular business.

• Initial Complaint

  Date:12/04/2024

  Type:Customer Service Issues
  Status:

  ResolvedMore info

  Complaint statuses

  Resolved:

  The complainant verified the issue was resolved to their satisfaction.

  Unresolved:

  The business responded to the dispute but failed to make a good faith effort to resolve it.

  Answered:

  The business addressed the issues within the complaint, but the consumer either a) did not accept the response, OR b) did not notify BBB as to their satisfaction.

  Unanswered:

  The business failed to respond to the dispute.

  Unpursuable:

  BBB is unable to locate the business.

  Office staff of theirs are committing identity theft. My personal information has been compromised since I resigned over four years ago. I went to create an *** ID for my college-bound daughter just to discover that my social security number was already used to create an ID. Someone in their Arizona office used my name, address when I worked there, date of birth and social security number because there is no HR department and this information is readily available to anyone who works in the offices. My information needs to be deleted immediately. As a matter of fact, they shouldn't keep any of this information on anyone. I am now going through the hassle of contacting the colleges this person sent my information to because I need to make sure it doesn't impact my children's ability to get financial aid in the future. No current or previous employee should ever have to be concerned with their information being compromised like this. And not just employees, but anyone who submitted a canceled check or an ID to get the employment process started. They retain everything and this process, or lack thereof, needs to stop right now. I emailed them and copied AZ and IL police departments Monday, so they are aware. And I included snapshots from the information their employee used to apply to colleges. This is not my first time dealing with fraud that I have been able to link back to them. And I am absolutely certain I am not the only one whose information has been used to fraud or identity theft. Nurses, home health aides, state offices, and office staff should all be aware.

  Business Response

  Date: 12/27/2024

  Dear BBB Contact,
  We appreciate you bringing this matter to our attention. At Everest **************** Solutions,the security and privacy of personal information is of the utmost importance,and we take any allegation of improper use of personal data very seriously.
  Upon receiving this complaint, we immediately initiated a thorough internal investigation. We have taken or are taking the following steps to address the concern:
  Information Review and Verification:
  We are reviewing all internal records and systems to verify what information we have on file for the former employee and to determine if there has been any unauthorized use or access. This includes checking all HR, payroll, and administrative databases to ensure that stored information is appropriately safeguarded and accessible only to authorized personnel.  This was completed on 12/2/2024.
  Security and Access Controls:
  We are reconfirming our access protocols and ensuring that only individuals with a legitimate business need can view sensitive personal information for previous employees. This reconfirmation was completed on 12/2/2024. Our existing policies mandate strict data security measures, and we are reviewing and, if necessary, tightening these controls to prevent any form of data misuse.  This review is currently being conducted.
  Cooperation with Authorities and Agencies:
  Should the ongoing review identify any credible evidence of identity misuse, we will fully cooperate with law enforcement and relevant regulatory agencies. We are also in contact with our internal and external compliance and legal stakeholders to ensure that we meet all reporting obligations and take appropriate corrective measures.
  Employee Data Retention Policies and Training:
  Although we retain personnel records to meet legal and regulatory requirements, we are re-examining our data retention policies to confirm that all such retention meets current legal standards and is not excessive. Additionally, we will reinforce training and communication to ensure staff understand privacy and confidentiality obligations, as well as the protocols for properly handling and disposing of sensitive information.
  Direct Communication with the Complainant:
  We have reached out directly to the individual who raised the concern, offering our cooperation and guidance.  Should we find any internal lapse, we will take immediate action and inform the individual of steps taken to prevent recurrence.
  We understand the gravity of the allegations and the stress this situation may have caused.Everest **************** Solutions is committed to upholding the highest standards of data security and confidentiality. We will keep the BBB informed of our findings and any resulting actions as the investigation progresses.
  Thank you for allowing us the opportunity to respond, and please do not hesitate to reach out if you require further information or clarification.
  Sincerely,

  Everest Solutions

  Customer Answer

  Date: 01/05/2025

   
  Complaint: 22637161
  
  I am rejecting this response because it is AI-generated. The company apparently did not even review for accuracy and make appropriate edits before copying and pasting. There are no stakeholders or beneficiaries here aside from the husband and wife operators. And no one contacted me about this matter, although I requested not to be contacted. Sensitive documents should never be dumped in files for everyone's access. They should be moved to a secured file where the password is not shared throughout the office and then purged. ** employees shouldn't even be able to gain access to IL files, and vice-versa. That's how it should have been set up from the beginning, properly and securely. Everything that goes wrong here stems from the lack of operational protocols and procedures and business acumen. Employees in ********, ******* and ***** should not be sharing the same usernames and passwords. Usernames and passwords for US government websites where sharing of such information is strictly forbidden should not be carelessly handed over to employees in ***** to, essentially, run this place. They have breached and continue to breach many of the regulations that were enacted by the government to prevent this very thing from happening. Employee files should not have been used to inflate actual numbers/losses and commit PPP fraud. India employees who also work for the charting company should not be used to gain access to the employees of other local, and very reputable, home health agencies. Criminal convictions should not be covered up and lied about on government paperwork. The frauds and dysfunction at Everest start at the top and trickle down.
  
  Sincerely,
  
  ****** ******

  Business Response

  Date: 01/16/2025

  Good Day To Whom It may concern,

  As a disclaimer this is not an AI generated response. 
  
  Thank you again for raising your concerns.  We assure you this message is not generated by any automated process but rather composed by our management and administrative team, who have reviewed the complaint and applicable policies before responding. We respect Ms. ******* concern about AI-generation and want to emphasize that we are personally reviewing and preparing our communication to you and to the Better Business Bureau. Everest **************** Solutions acknowledges the importance of safeguarding sensitive information. While Ms. ****** suggests that files are freely accessible to all, our current protocols provide limited access to personnel files and confidential data, which are placed behind a dedicated firewall (the Shell drive). Access to this Shell drive is restricted to leadership and HR staff only, preventing general office or off-shore employees from viewing sensitive information without authorization. We have implemented role-based permission structures ensuring ******** (IL) employees only have access to IL-specific data and ******* (AZ) employees only have access to AZ-specific data. Our off-shore support team members have access solely to documentation necessary for compliance and scheduling (such as caregiver credentials), but not to sensitive personal data that is unrelated to their function.  Everest does not endorse or permit the sharing of credentials for *************** websites among employees or between domestic and off-shore teams. We recognize and comply with regulations that forbid improper credential sharing, and we have ongoing internal audits to ensure these standards are upheld.  Our security policies mandate that personnel who require access to sensitive files must be physically on site or connected via secure VPN channels with limited permissions. This environment significantly reduces any risk of data leakage or misuse.  Ms. ******* assertions regarding *** fraud and misrepresentations of employee files are taken seriously. However, we have undergone external reviews of our *** documentation, and no fraudulent activity was identified or substantiated. We stand by our compliance with federal guidelines during the *** application and disbursement processes.  We do not condone any action that would misrepresent employee histories or conceal information on required documents. If specific evidence of wrongdoing is provided, we would investigate it thoroughly and take swift corrective action.  While Ms. ****** highlights potential lapses in operational protocols, we continually review and refine our policies to align with contract requirements, regulatory standards, and best practices for data security. Our leadership team and compliance officers regularly conduct internal audits and update policies to mitigate any procedural gaps.  In conclusion, below are some steps taken Security Enhancements: Reinforcing restricted access to sensitive information through the Shell drive and role-based permissions.  Ongoing Compliance Monitoring: Conducting regular internal reviews of credential usage and data handling.  Policy Updates: Continuing to refine HR, compliance, and operational protocols in both IL and AZ, as well as with our off-shore teams.  While Ms. ****** has indicated she prefers not to be contacted further, we remain open to providing any additional clarifications if requested by the Better Business Bureau or other relevant authorities. We take all allegations seriously and will continue to refine our processes to ensure compliance, privacy, and integrity.
  
  Cheers,
  Everest Solutions

   

  Customer Answer

  Date: 01/22/2025

   
  Better Business Bureau:
  
  Recent reviews of yours that you deleted indicate that the very practices you employed while I was there five years ago are still very much being done. Offshore staff still appear to have access to US government websites that only people in the ** should have. There is much more I know that I would be happy to share with the proper authorities. What I've gone through should be a wake up call as this place has operated unprofessionally and illegally. No one else connected to Everest should have to find out that their information was haphazardly compromised in such a manner. The truth always comes out in the end, and how you treat people determines your rise or fall. I have reviewed the response made by the business in reference to complaint ID ********, and find that this resolution is satisfactory to me.
  
  Sincerely,
  
  ****** ******