Hackers access customer personal data such as social security numbers and COVID-19 test results in the Sequoia breach.
Hackers Access Customer Personal Data in Sequoia Breach
Payroll and HR giant Sequoia has stated that a data breach exposed critically sensitive information on its users and this is including salary and benefit information, government-issued IDs, SSNs, and covoid-19 information such as vaccination status.
The company in a data breach notification to the California attorney general’s office which has already proven to be popular with startups and SMEs, explained it, “recently became aware that an unauthorized party may have accessed a cloud storage system that contained personal information provided in connection with the Company’s services to its clients, including your employer or, if you are a dependent, your family member’s employer.”
Other forms of data that could also be at risk include dates of birth, genders, names, marital status, and contact information such as work email addresses.
No Evidence of Malicious Tools or Ransomware Were Found
According to the findings of the company and those of its partners in the investigation carried out including Dell Securenetworks, there was no evidence of malicious tools or ransomware found. It however seems that the data was exposed between September 22 and October 6, 2022, and was on read-only, thus suggesting that the data should remain untampered with.
Sequoia’s Response in Trying to Salvage the Breach
Sequoia in a bid to rectify this major issue has extended ID theft protection and fraud detection service Experian IdentityWorks to its users and their departments for 36 months.
The company furthermore is urging all users affected to monitor their credit accounts with reporting companies such as Equifax, TransUnion, and Experian, and to also consider placing a pin-protected credit freeze in order to prevent the unauthorized opening of any further accounts in respect to their names.