ADP is calling it "a small number" of affected clients, but some employees of the payroll provider's client firms have had tax and salary data stolen after cybercriminals gained entry through fraudulent registrations on ADP clients' self-service registration portal.
According to the Society for Human Resource Management's SHRM Online, the thieves were able to access the stolen data via company access codes to ADP's portal when those companies made the codes available through an unsecured public website. The information taken included tax and salary data. In one case involving ADP client U.S. Bancorp, W-2 information was also stolen.
Dick Wolfe, ADP's senior director of corporate communications, was quoted in the report saying, "It's important to point out it was not a breach." Instead, Wolfe says, access was gained because client companies did not adequately safeguard their unique access codes. The previous theft of other personal information, such as name, address and date of birth, allowed the cyberattackers to register fraudulent accounts in the employees' names.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
- Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
- Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
