Payroll vendor breached, data on more than 43,000 employees at risk

More than 43,000 former and current employees of Chicago-based Assisted Living Concepts (ALC) are being notified that their personal data – including Social Security numbers and pay information – may be at risk after an unauthorized third party breached ALC's payroll vendor and gained access to sensitive files.

How many victims? 43,600 former and current employees. 

What type of personal information? Names, addresses, birthdates, Social Security numbers and pay information.

What happened? An unauthorized third party improperly obtained ALC's payroll vendor credentials and used them to access sensitive files in the vendor's system.

What was the response? ALC opened an investigation and is cooperating with law enforcement. Steps have been taken to prevent further unauthorized access to payroll systems, including deactivating the credentials used by the third party and taking payroll systems offline until the issue was resolved. The vendor implemented two-factor authentication for accessing payroll records. ALC is notifying all impacted individuals and is offering them one year of credit monitoring services.

Details: ALC was alerted by its payroll vendor on Feb. 14 that an unauthorized party had gained access to the vendor's system. The unauthorized access took place from Dec. 14, 2013, to Jan. 14.

Quote: “In working with the FBI and the Internal Revenue Service (IRS) on this matter, the FBI and IRS have advised us that they believe that the personal information accessed in this case may be used by criminals to file fraudulent tax returns,” Peter Tarsney, executive vice president and general counsel with Assisted Living Concepts, wrote in the notification letter.

Source: doj.nh.gov, “Assisted Living Concepts,” Feb. 26, 2014.
