Payroll vendor breached, data on more than 43,000 employees at risk

Share this article:

More than 43,000 former and current employees of Chicago-based Assisted Living Concepts (ALC) are being notified that their personal data – including Social Security numbers and pay information – may be at risk after an unauthorized third party breached ALC's payroll vendor and gained access to sensitive files.

How many victims? 43,600 former and current employees. 

What type of personal information? Names, addresses, birthdates, Social Security numbers and pay information.

What happened? An unauthorized third party improperly obtained ALC's payroll vendor credentials and used the credentials to access sensitive files in the vendor's system.

What was the response? ALC opened an investigation and is cooperating with law enforcement. Steps have been taken to prevent further unauthorized access to payroll systems, including deactivating the credentials used by the third party, as well as taking payroll systems offline until the issue was resolved. The vendor implemented two-factor authentication for accessing payroll records. ALC is notifying all impacted individuals, and is offering them one year of credit monitoring services.  

Details: ALC was alerted by its payroll vendor on Feb. 14 that an unauthorized party gained access to the vendor's system. The unauthorized access was gained from Dec. 14, 2013, to Jan. 14.

Quote: “In working with the FBI and the Internal Revenue Service (IRS) on this matter, the FBI and IRS have advised us that they believe that the personal information accessed in this case may be used by criminals to file fraudulent tax returns,” Peter Tarsney, executive vice president and general counsel with Assisted Living Concepts, wrote in the notification letter.

Source: doj.nh.gov, “Assisted Living Concepts,” Feb. 26, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.