The seriously threatening part about data intrusion and getting hacked is the period from when the breach was done, and the actual time it takes for the end user or the company to find out that they’ve been attacked. You begin to think that from that certain phase, those cyber criminals may have already acquired all your sensitive information and might have sold it already on the dark net. Which leaves you, your company, and your clients to potential risks and possible identity theft.
This type of intrusion highlights the fact that dependency on plain old user credentials are simply not enough to protect yourself and your organization from cyber fraud. Any form of personally identifiable information are easily accessible and easy to steal. This most recent data breach happened to cloud-based HR service provider in Florida, ComplyRight. Owned by Taylor Corporation, ComplyRight provides tax solutions via efile4Biz. Their services are claimed to be used by more than 70,000 establishments.
Their investigation was able to confirm that the hackers were able to gain access to one of their databases. Personal information such as names, addresses, email accounts, tax forms, and even Social Security numbers were accessed. What’s a blur right now is that it’s unclear whether the exposed information was downloaded and utilized because there was no evidence yet of fraud or any other malicious activity after the breach.
After finding out about the intrusion, ComplyRight immediately disabled their platform, and automatically deployed their security protocols. A thorough investigation followed right after. The investigation process was done by external cybersecurity experts to be able to identify the scope of the attack, the potential number of victims, and the precise amount of information that got exposed. The investigation also revealed that the attackers previously had access to sensitive data from April to May of this year.
They’ve released a statement saying that security is their utmost concern, and that they are using the best available programs to prevent third-party breaches within their site. ComplyRight also sent information to all its clients who were affected by the breach. Although the number of affected is just a little less than 10%, they still apologized for the unfortunate inconvenience that this incident might have caused their clients and that they’re working and doing everything they can in order to provide better services and web experience moving forward.