Data Security Breach Incident at Ceridian

February 9th, 2010 by admin

In an absolutely shocking incident at Minnesota-based Ceridian Corporation, a data security hack attack led to the exposure of the Social Security numbers, bank account numbers and birth dates of 27,000 people. These people work at 1,900 companies worldwide.

The issue was first discovered by company officials toward the end of 2009 and was immediately reported to the Federal Bureau of Investigation and the local government authorities. A letter was then issued on Jan. 29 by Ceridian authorities to the affected workers and was obtained by a leading news site.

Kevin Peterson, on behalf of the authorities, said, “We took immediate preventive steps to ensure no further incident of this type would occur.” He added, “While the total number of employees affected is small, in our minds one is too many, and we are handling this incident according to our established protocol.” “We wanted to make sure we knew exactly what records had been taken,” Peterson said. “It’s somewhat complicated to understand what the hacker had done, so we worked with authorities to basically recreate what the hacker had done.”

Luckily for the authorities, there are no indications of illegal financial transactions being made after this incident was reported. Overall, the employees affected by this incident are less than 1%. That said, according to Avivah Litan, a financial services analyst with Gartner, this incident is potentially more serious than other highly publicized security lapses in the financial industry that revealed millions of credit card numbers.

As a preventive measure, the company has also changed the passwords using encryption software for all its Powerpay payroll system customers, which includes all the 1,900 companies that were affected. Initially, all the employees were not contacted because the authorities were trying to determine the cause of the data security breach and the cause of the attack. Ceridian has also offered a year of free credit or identity theft monitoring through Equifax Credit Watch. In addition, it has outlined preventive steps for those who were affected, explaining what they should do to monitor their credit and make sure new accounts aren’t opened in their names.

As far as Ceridian is concerned, this is the second time in three years that such an incident has happened. Something similar happened in 2007, and it involved the theft of financial information from a former employee.

How the victims felt

However, the letter appeared to confuse some consumers as it didn’t clearly identify the victimized company (which could be a current or former employer) or the bank of the employee that was involved.

Todd Ashton, a Lakeville resident, said, “My information never should have been in their computer system.” He also said that it’s been a decade since he left the employer who used Ceridian’s payroll service.

Phil Martin, a retired employee based in Gainesville, said he had never heard of Ceridian’s Powerpay service and was worried at first that his Social Security check was at risk. Finally, after calls to Ceridian, it was confirmed that his Social Security account wasn’t involved.

Some employees even felt that the letter looked like a scam and that it didn’t really talk about the admission of a payroll breach. There are companies that simply disclose security breaches to those who are directly affected. Then there are those that offer loss resolution services that help recover money, or insurance against losses suffered as a result of the breach, she said.

5 comments

  1. Great guide, and many thanks for taking the time to publish it; I’m sure other readers benefited too. It really opened my eyes for some new ideas that I hadn’t thought of before.
