Another HR Firm Hit By Cyber Attack

While the memories of the massive PageUp data breach still haven’t faded, we now hear about another HR firm that suffered a cyber attack. This time, it is a cloud-based human resource provider ‘ComplyRight’. As disclosed in their notice, the ComplyRight data breach may have exposed details of thousands of individuals.

ComplyRight Data Breach Affected More Than 7600 Customer Firms

On July 18, 2018, the US-based HR firm published an official notice disclosing a security breach. According to the press release, ComplyRight observed unauthorized access to their tax reporting web platform. After noticing the matter, they quickly disabled the platform and began investigations to confirm the breach. Later, investigations revealed that somebody has viewed or accessed the information. However, they could not determine anything regarding possible downloads of the data.

As stated, the breached data belongs to only some ComplyRight customers.

“A portion (less than 10%) of individuals with tax forms prepared on the ComplyRight web platform were impacted by this incident.”

Nonetheless, ComplyRight has a large clientele base including more than 76,000 firms. Thus,  we can certainly expect if the number is in fact 10%  of affectees there would still be several thousands affected.

ComplyRight Confirms No Misuse Of Data

In their statement and FAQs, ComplyRight states that the breached details might include names, contact addresses, contact numbers, email addresses and social security numbers. However, they confirmed that they currently are not aware of any misuse of the breached data.

“The investigation found no evidence that any user or payer information was compromised. No credit card or bank account information of users or payers was involved.”

However, since they do not know of any unauthorized downloads of the data, they have informed all of the affected users. Moreover, they are also offering a 12-month identity theft protection and credit monitoring service to the affectees free of cost.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients