The Human Resources and payroll company Sequoia released a disclosure to customers that outlined a data breach that affected their cloud storage repository that contained an array of sensitive and personal data including names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, and member IDs as well as any other ID cards, Covid-19 test results, and vaccine cards that individuals uploaded to the employment system. The company has notified both corporate and personal users of their Sequoia One system and said that data may have been accessed between September 26 and October 6 of this year. Researchers did not find any evidence of a ransomware attack or unauthorized access on Sequoia’s systems and there has been no evidence that stolen data has been shared.
Analyst Notes
The company has offered identity protection services to anyone impacted in the breach. Sequoia declined to comment on the amount of victims it has offered identity protection services too. Anyone that has been notified that they may have been a victim of this breach should sign up for the free monitoring service being offered by Sequoia and go through credit reports to make sure nothing was created in between the time of breach and notification.
https://www.wired.com/story/sequoia-hr-data-breach/
