Payroll vendor breached, data on more than 43,000 employees at risk

Share this article:

More than 43,000 former and current employees of Chicago-based Assisted Living Concepts (ALC) are being notified that their personal data – including Social Security numbers and pay information – may be at risk after an unauthorized third party breached ALC's payroll vendor and gained access to sensitive files.

How many victims? 43,600 former and current employees. 

What type of personal information? Names, addresses, birthdates, Social Security numbers and pay information.

What happened? An unauthorized third party improperly obtained ALC's payroll vendor credentials and used the credentials to access sensitive files in the vendor's system.

What was the response? ALC opened an investigation and is cooperating with law enforcement. Steps have been taken to prevent further unauthorized access to payroll systems, including deactivating the credentials used by the third party, as well as taking payroll systems offline until the issue was resolved. The vendor implemented two-factor authentication for accessing payroll records. ALC is notifying all impacted individuals, and is offering them one year of credit monitoring services.  

Details: ALC was alerted by its payroll vendor on Feb. 14 that an unauthorized party gained access to the vendor's system. The unauthorized access was gained from Dec. 14, 2013, to Jan. 14.

Quote: “In working with the FBI and the Internal Revenue Service (IRS) on this matter, the FBI and IRS have advised us that they believe that the personal information accessed in this case may be used by criminals to file fraudulent tax returns,” Peter Tarsney, executive vice president and general counsel with Assisted Living Concepts, wrote in the notification letter.

Source: doj.nh.gov, “Assisted Living Concepts,” Feb. 26, 2014.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.

Document posted to California city website, employee data accessed

In California, a document posted to the City of Encinitas website contained data on hundreds of current and former city staffers.