This week, Google started notifying affected employees of a data breach that occurred when a third-party benefits vendor mistakenly sent an email file with employee information to an unintended source.
A copy of Google’s notification letter to employees was made available through the California Attorney’s General website. The letter does not name the involved vendor, nor does it say which areas of the company’s benefits were impacted.
The vendor sent the data to another third-party benefits provider, which reportedly erased the information upon realizing the mistake.
“We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted,” Google explained to employees.
“In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document,” the letter said.
Names and Social Security numbers of an undisclosed number of Google employees were included in the file. Teri Wisness, director of U.S. benefits at Google, said “We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted.”
Google will provide 24 months of free identity protection and credit-monitoring services to affected employees. The letter also recommends employees access the free credit reports available under U.S. law.
Though the breach at Google seems the result of human error on the part of a broker vendor, more cyber security experts suggest company benefit plans will be targets for cyber criminals.
ADP recently announced a “small number” of clients were affected when cyber criminals accessed the firm’s payroll services unit.