Security breach compromised thousands of customer data
ComplyRight, a Human Resources company, whose information is established in the cloud, was the victim of a data breach that could have compromised the information of its clients, as reported by enterprise data protection services from the International Institute of Cyber Security.
It is not clear yet how many customers were affected; however, tax forms sent by the company containing names, telephones, and social security numbers were compromised.
In a security statement, the company announced that “last May 22, ComplyRight learned of a possible problem related to the tax return web platform. After the investigation, the company has come to the conclusion that a criminal hack attack had been directed to some of the personal information maintained on the websites using the company’s platform”.
The firm said that a hacker obtained unauthorized access to its platform and that “a part (less than 10%)” of those whose tax forms were prepared by the company, were affected by the incident. ComplyRight has reported the incident to the Internal Revenue Service (IRS) as well as to the Florida attorney’s office.
Specialists in enterprise data protection services mention that an alarming number of web applications are still quite vulnerable and susceptible to being attacked by hackers today.
In this case, as a human resources company, ComplyRight handles forms full of personally identifiable information. The fact that the company declares itself competent to guarantee the security of the data of its clients but does not count with a single professional qualified for such work is of considerable gravity, and is one more reason for the users of digital commerce to remain alerts when using this type of services.
Enterprise data protection services experts add that organizations that rely on digital platforms should allow developers to encode using best security practices throughout the development cycle of software, with adequate training and even certifications in information security.
Experts in information security believe that this event is an alert, for consumers and service providers, to strengthen their authentication processes and to improve their password’s security.
Organizations that work with sensitive information should stop relying on unskilled personnel to safeguard their access to the information they handle.