Breach, Data Security

Payroll vendor breached, data on more than 43,000 employees at risk

More than 43,000 former and current employees of Chicago-based Assisted Living Concepts (ALC) are being notified that their personal data – including Social Security numbers and pay information – may be at risk after an unauthorized third party breached ALC's payroll vendor and gained access to sensitive files.

How many victims? 43,600 former and current employees. 

What type of personal information? Names, addresses, birthdates, Social Security numbers and pay information.

What happened? An unauthorized third party improperly obtained ALC's payroll vendor credentials and used the credentials to access sensitive files in the vendor's system.

What was the response? ALC opened an investigation and is cooperating with law enforcement. Steps have been taken to prevent further unauthorized access to payroll systems, including deactivating the credentials used by the third party, as well as taking payroll systems offline until the issue was resolved. The vendor implemented two-factor authentication for accessing payroll records. ALC is notifying all impacted individuals, and is offering them one year of credit monitoring services.  

Details: ALC was alerted by its payroll vendor on Feb. 14 that an unauthorized party gained access to the vendor's system. The unauthorized access was gained from Dec. 14, 2013, to Jan. 14.

Quote: “In working with the FBI and the Internal Revenue Service (IRS) on this matter, the FBI and IRS have advised us that they believe that the personal information accessed in this case may be used by criminals to file fraudulent tax returns,” Peter Tarsney, executive vice president and general counsel with Assisted Living Concepts, wrote in the notification letter.

Source: doj.nh.gov, “Assisted Living Concepts,” Feb. 26, 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.