Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Federal Regulation > IRS

Benefits vendor’s flub leads to data breach at Google

By Nick Thornton

X
Your article was successfully shared with the contacts you provided.

This week, Google started notifying affected employees of a data breach that occurred when a third-party benefits vendor mistakenly sent an email file with employee information to an unintended source.

A copy of Google’s notification letter to employees was made available through the California Attorney’s General website. The letter does not name the involved vendor, nor does it say which areas of the company’s benefits were impacted.

The vendor sent the data to another third-party benefits provider, which reportedly erased the information upon realizing the mistake.

“We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted,” Google explained to employees.

“In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document,” the letter said.

Names and Social Security numbers of an undisclosed number of Google employees were included in the file. Teri Wisness, director of U.S. benefits at Google, said “We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted.”

Google will provide 24 months of free identity protection and credit-monitoring services to affected employees. The letter also recommends employees access the free credit reports available under U.S. law.

Though the breach at Google seems the result of human error on the part of a broker vendor, more cyber security experts suggest company benefit plans will be targets for cyber criminals.

ADP recently announced a “small number” of clients were affected when cyber criminals accessed the firm’s payroll services unit.

An ADP spokesperson was quick to say the event was not a “cyber breach,” but that personal tax and payroll information was exposed because client firms did not adequately protect access codes to ADP’s online portal.

The Identity Theft Resource Center says that so far in 2016, nearly 350 data breaches have taken place, resulting in the theft of more than 11.3 million personal records.

Cyber criminals used data in the ADP theft to file counterfeit tax returns to the IRS, according to a report from the Society for Human Resources Management.

See also:

4 of the biggest challenges facing the insurance industry (and how to overcome them)

Watchdog: IRS used bad Java in PPACA system

The 10 most expensive data breaches

Have you Liked us on Facebook?

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.