ComplyRight Data Breach Affects 662,000, Gets Lawsuit

August 8, 2018 Avani Desai

A data breach at ComplyRight, a firm that provides HR and tax services to businesses, may have affected 662,000 people, according to a state agency. It has also prompted a lawsuit, which was filed in federal court by a person who was notified that their personal data was breached. The lawsuit seeks class-action status.

The ComplyRight data breach included names, addresses, phone numbers, email addresses and Social Security numbers, some of which came from tax and W-2 forms.

With a cyberattack, one of the most difficult processes initially is identifying that there was an actual attack and the true extent of it, said Desai, president of Schellman & Company, a security and privacy compliance assessor in Tampa, Fla. It's important to ask the following questions early: Was there sensitive information that was involved? Which systems were exploited? The firm quickly hired a third-party forensic group, she noted.

ComplyRight's services include a range of HR products, such as recruitment, time and attendance, as well as an online app for storing essential employee data. This particular attack was directed at its tax-form-preparation website. Hackers go after customer and employee data. The Identity Theft Resource Center 2018 midyear report, for instance, lists every known breach so far this year. It said the compromised data is a shopping list of HR managed data.

"ComplyRight locked down the system prior to announcing the breach, which is important, because when organizations announce too quickly, we see copycat attacks hit the already vulnerable situation," Desai said.

Read full article here

About the Author

Avani Desai

Avani Desai the President at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more.

More Content by Avani Desai
Previous Article
How Smart Contracts Can Create a Competitive Edge
How Smart Contracts Can Create a Competitive Edge

Removing third parties speeds transactions and reduces their cost CFOs and finance departments are always l...

Next Article
Schellman Recognized as a Top 100 Accounting Firm by INSIDE Public Accounting
Schellman Recognized as a Top 100 Accounting Firm by INSIDE Public Accounting

Schellman has been ranked as one of the largest accounting firms in the United States by INSIDE Public Acco...

×



Subscribe now
to receive content updates once a week

First Name
!
Success
Error - something went wrong!