Payroll vendor breached, data on more than 43,000 employees at risk

Share this article:

More than 43,000 former and current employees of Chicago-based Assisted Living Concepts (ALC) are being notified that their personal data – including Social Security numbers and pay information – may be at risk after an unauthorized third party breached ALC's payroll vendor and gained access to sensitive files.

How many victims? 43,600 former and current employees. 

What type of personal information? Names, addresses, birthdates, Social Security numbers and pay information.

What happened? An unauthorized third party improperly obtained ALC's payroll vendor credentials and used the credentials to access sensitive files in the vendor's system.

What was the response? ALC opened an investigation and is cooperating with law enforcement. Steps have been taken to prevent further unauthorized access to payroll systems, including deactivating the credentials used by the third party, as well as taking payroll systems offline until the issue was resolved. The vendor implemented two-factor authentication for accessing payroll records. ALC is notifying all impacted individuals, and is offering them one year of credit monitoring services.  

Details: ALC was alerted by its payroll vendor on Feb. 14 that an unauthorized party gained access to the vendor's system. The unauthorized access was gained from Dec. 14, 2013, to Jan. 14.

Quote: “In working with the FBI and the Internal Revenue Service (IRS) on this matter, the FBI and IRS have advised us that they believe that the personal information accessed in this case may be used by criminals to file fraudulent tax returns,” Peter Tarsney, executive vice president and general counsel with Assisted Living Concepts, wrote in the notification letter.

Source: doj.nh.gov, “Assisted Living Concepts,” Feb. 26, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Two laptops containing patient data stolen from American Family Care

The two laptops stolen from American Family Care were password protected, yet unencrypted, and may have contained Social Security numbers.

Viator investigates payment card breach, notifies 1.44 million customers

More than 1.4 million Viator customers are being notified that their personal data, including payment card information, may have been compromised.

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.