HR Services Firm ComplyRight Suffers Major Data Breach

Published: 22/11/2024   Category: security




More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.



ComplyRight, a company that provides human resources functions to businesses, has begun notifying individuals of a data breach that may have exposed names, addresses, phone numbers, email addresses, and Social Security numbers taken from employee tax forms the company processed.
According to ComplyRight, the company has more than 76,000 customers, though it has not yet said how many were involved in the breach.
KrebsOnSecurity, which broke news of the breach on Wednesday, writes that it appears to be a compromise of the website itself, rather than customer communications to and from the website. In its report, KrebsOnSecurity said it could find no ComplyRight employee with a security title on LinkedIn.
In a statement provided to Dark Reading, Jeannie Warner, security manager at WhiteHat Security, said, "As a human resources firm, ComplyRight handles forms overflowing with personally identifiable information, such as 1099s and W2s. The fact that the company touts its security prowess, yet Brian Krebs couldn't identify a single employee with a security title, is deeply concerning - and just another reason for consumers to question their trust in digital businesses."
A Qualys SSL Labs scan of the site efile4biz.com conducted by Dark Reading shows an overall score of B, capped because the server doesn't support forward secrecy or AEAD cipher suites. It must be noted, however, that this was a scan of the public-facing site (which does contain login provisions for customers); customers transacting business with the company may be redirected to other servers upon authentication.
Nevertheless, the fact that the page still supports outdated protocols such as TLS 1.0 for sign-in indicates that there may be other legacy vulnerabilities still in place in the site's application code.
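The three properties the scan flags (no forward secrecy, no AEAD suites, TLS 1.0 still enabled) can be checked from a server's offered protocol and cipher list. The following is an added example, not code from the article or from Dark Reading's scan; the protocol labels, function names and both sample configurations are constructed for illustration and are not the scanned site's actual settings.

```python
# Added example (not from the article): flag the TLS weaknesses the scan describes.
# Input is a server's offered protocols and OpenSSL-style cipher suite names.

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")


def has_forward_secrecy(suite: str) -> bool:
    """True when the key exchange is ephemeral (ECDHE/DHE, or any TLS 1.3 suite)."""
    if suite.startswith("TLS_") and "_WITH_" not in suite:  # TLS 1.3 naming
        return True
    return suite.startswith(("ECDHE-", "DHE-"))


def is_aead(suite: str) -> bool:
    """True for AEAD bulk ciphers (AES-GCM, AES-CCM, ChaCha20-Poly1305)."""
    return any(marker in suite for marker in AEAD_MARKERS)


def audit(protocols, suites):
    """Summarise whether any offered suite gives forward secrecy or AEAD."""
    result = {
        "forward_secrecy": any(has_forward_secrecy(s) for s in suites),
        "aead": any(is_aead(s) for s in suites),
        "legacy_protocols": sorted(set(protocols) & LEGACY_PROTOCOLS),
        "findings": [],
    }
    if not result["forward_secrecy"]:
        result["findings"].append("no forward-secret key exchange offered")
    if not result["aead"]:
        result["findings"].append("no AEAD cipher suite offered")
    for proto in result["legacy_protocols"]:
        result["findings"].append(f"legacy protocol enabled: {proto}")
    return result


# Constructed sample configurations, not the scanned site's actual cipher list.
LEGACY_SERVER = (["TLSv1.0", "TLSv1.1", "TLSv1.2"],
                 ["AES128-SHA", "AES256-SHA", "AES256-SHA256", "DES-CBC3-SHA"])
HARDENED_SERVER = (["TLSv1.2", "TLSv1.3"],
                   ["TLS_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
                    "ECDHE-RSA-CHACHA20-POLY1305"])

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_SERVER), ("hardened", HARDENED_SERVER)):
        print(name, audit(*cfg))
```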
In the Web page disclosing the breach, ComplyRight notes that the breach occurred in late May 2018, while the disclosure occurred on July 18. Ryan Wilk, vice president of customer success at NuData Security, a Mastercard company, said, "One of the many dangerous things about breaches is the amount of time it takes for companies and end users to know their data is out in the open. From the moment a breach happens, hackers have ample time to broker the stolen names, Social Security numbers, tax data and other identifying information on the dark web – leaving customers and employees open to the impacts of identity theft."