KrebsOnSecurity reports on how identity thieves have been able to take tax and salary data from the payroll company ADP. The criminals were able to register accounts under the names of numerous employees at more than a dozen firms. In order to create the accounts, the thieves likely had already possessed the victims’ Social Security numbers. ADP said users needed a customer link supplied by ADP and a static ADP code given to the customer in order to finish registration. Roland Cloutier, ADP’s chief security officer, said the links and codes were unintentionally published online when some of their customers deferred on the signup process for some of their employees. Criminals would then have easy access to the payroll data of those employees who had not registered.
Full Story
Comments
If you want to comment on this post, you need to login.