ADP has confirmed that
cyber-criminals have accessed customer tax data but deny that any
security ‘breach’ has occured. ADP offer ‘cloud-based’ human
capital management solutions – human resources, payroll, benefits
administration and taxes.
ADP has blamed the customers, of which they have over 610,000 clients, globally. ADP claims the companies mistakenly posted confidential data online, thus leaving individuals open to tax-refund fraud.
ADP believe that the cyber criminals were already in possession of the personal data needed to file a false tax return – name, date of birth and Social Security Number. Additionally, the hackers had access to the company-specific links and static, personal code assigned by ADP, necessary to access payroll information and hence W-2 tax forms. With a W-2 tax form criminals can request fallacious tax refunds in the names of legitimate tax payers.
This is not new territory for ADP, the firm has a track record of data mishaps - falling prey to phishing scams and third-party security breaches in 2005, 2006, 2007 and 2011.
This incident, once again, brings into question the IRS' own lack of adequate security - personal data such as names, DoBs and Social Security Numbers are very easy to come by online. Such data should not be sufficient to access, in some cases, tens of thousands of dollars.
ADP has blamed the customers, of which they have over 610,000 clients, globally. ADP claims the companies mistakenly posted confidential data online, thus leaving individuals open to tax-refund fraud.
ADP believe that the cyber criminals were already in possession of the personal data needed to file a false tax return – name, date of birth and Social Security Number. Additionally, the hackers had access to the company-specific links and static, personal code assigned by ADP, necessary to access payroll information and hence W-2 tax forms. With a W-2 tax form criminals can request fallacious tax refunds in the names of legitimate tax payers.
This is not new territory for ADP, the firm has a track record of data mishaps - falling prey to phishing scams and third-party security breaches in 2005, 2006, 2007 and 2011.
This incident, once again, brings into question the IRS' own lack of adequate security - personal data such as names, DoBs and Social Security Numbers are very easy to come by online. Such data should not be sufficient to access, in some cases, tens of thousands of dollars.
0 comments:
Post a Comment