Breach, Data Security, Vulnerability Management

US Airways employees notified of potential data compromise

Letters have been mailed to US Airways employees after payroll vendor Automatic Data Processing (ADP) inadvertently made personal information visible to fellow airline staffers.  

How many victims? Unknown, but US Airways employs roughly 40,000 workers.

What type of personal information? Names, Social Security numbers and total taxable W-2 wages for the tax years 2010, 2011 and 2012.

What happened? A programming error in the ADP system made it possible for certain other US Airways employees to download personal information belonging to their colleagues.

What was the response? The airline hired an outside law firm to conduct an investigation and notified appropriate government agencies. ADP is offering a free year of identity protection services. US Airways recommends frequent reviewing of account statements.

Details: ADP informed US Airways in early June of the programming error, explaining it had been corrected in early May. The airline sent a letter home to employees in mid-July and, wanting to protect its employees, the letter did not reveal specifics. 

But it appears a similar breach impacted at least one other organization , the city of Houston, last month, according to a report. It's unclear if the two incidents are linked.

Quote: “US Airways has not received any reports that yours or anyone else's information was seen by any unauthorized employee and has no indication that your information was otherwise available to any other non-employee,” according to the letter.

Source: Vermont attorney general's office, www.atg.state.vt.us, notification letter (PDF), July 18, 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.