US Airways employees notified of potential data compromise

Share this article:
Payroll vendor ADP inadvertently made personal information visible to fellow airline staffers.
Payroll vendor ADP inadvertently made personal information visible to fellow airline staffers.

Letters have been mailed to US Airways employees after payroll vendor Automatic Data Processing (ADP) inadvertently made personal information visible to fellow airline staffers.  

How many victims? Unknown, but US Airways employs roughly 40,000 workers.

What type of personal information? Names, Social Security numbers and total taxable W-2 wages for the tax years 2010, 2011 and 2012.

What happened? A programming error in the ADP system made it possible for certain other US Airways employees to download personal information belonging to their colleagues.

What was the response? The airline hired an outside law firm to conduct an investigation and notified appropriate government agencies. ADP is offering a free year of identity protection services. US Airways recommends frequent reviewing of account statements.

Details: ADP informed US Airways in early June of the programming error, explaining it had been corrected in early May. The airline sent a letter home to employees in mid-July and, wanting to protect its employees, the letter did not reveal specifics. 

But it appears a similar breach impacted at least one other organization , the city of Houston, last month, according to a report. It's unclear if the two incidents are linked.

Quote: “US Airways has not received any reports that yours or anyone else's information was seen by any unauthorized employee and has no indication that your information was otherwise available to any other non-employee,” according to the letter.

Source: Vermont attorney general's office, www.atg.state.vt.us, notification letter (PDF), July 18, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in The Data Breach Blog

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.

Marquette University notifies graduate applicants of possible breach

Settings for an internal file server were inadvertently modified, making graduate school applications accessible to anyone with Marquette University login credentials.