HR and payroll giant Sequoia has said a data breach has exposed critically sensitive information about its users, including salary and benefits information, SSNs and other government-issued IDs, and even COVID-19 data such as vaccination status.
In a data breach notification (opens in new tab) to the California Attorney General’s office, the company, which has proven popular with SMBs and start-ups, explained: “recently became aware that an unauthorized party may have gained access to a cloud storage system that contains personal information that is processed in connection with the Company’s services to its customers, including your employer or, if you are a dependent, your relative’s employer.”
Other data that may be at risk include names, dates of birth, genders, marital status, and contact information such as work email addresses.
Sequoia data breach
According to the company’s findings – and those of its partners in the investigation, including Dell Secureworks – no evidence of malicious tools or ransomware has been found. It appears that the data was released between September 22 and October 6, 2022 and was read-only, suggesting that the data should not be tampered with.
In an effort to rectify this significant mishap, Sequoia has extended Identity theft protection and fraud detection service Experian IdentityWorks to its users and their dependents for 36 months.
In addition, the company is urging affected users to check their credit accounts with reporting companies such as Equifax, Experian, and TransUnion and consider setting up a PIN-protected credit freeze to prevent unauthorized account opening in their name.
Best Product Pro has contacted Sequoia for more information on the matter, including how the database was accessed.