ADP is calling it "a small number" of affected clients, but some employees of the payroll provider's client firms have had tax and salary data stolen after cybercriminals gained entry through fraudulent registrations on ADP clients' self-service registration portal.
According to the Society for Human Resource Management's SHRM Online, the thieves were able to access the stolen data via company access codes to ADP's portal when those companies made the codes available through an unsecured public website. The information taken included tax and salary data. In one case involving ADP client U.S. Bancorp, W-2 information was also stolen.
Dick Wolfe, ADP's senior director of corporate communications, was quoted in the report saying, "It's important to point out it was not a breach." Instead, Wolfe says, access was gained because client companies did not adequately safeguard their unique access codes. The previous theft of other personal information, such as name, address and date of birth, allowed the cyberattackers to register fraudulent accounts in the employees' names.
Continue Reading for Free
Register and gain access to:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
