HQ/EMEAFind out how we can help your business
Sequoia, a human resources company, has detected unauthorised access to its cloud storage repository containing customers’ sensitive data. This news was disclosed in a recent report published by the company.
The human resources company sent notifications to its partners, customers, and individuals who may have been affected by the security incident. According to Sequoia, the data breach transpired between September 22 and October 6, wherein its cloud system storing troves of sensitive data was breached by unknown malicious entities.
The human resources company revealed that critical data had been compromised in the security breach incident.
As mentioned in Sequoia’s statement, the compromised data includes full names, addresses, birthdates, genders, employment status, marital status, corporate email addresses, Social Security numbers, wage information, membership IDs, Covid-19 test results, and vaccine cards.
A part of the company’s efforts to aid the affected individuals includes offering them three years of Experian identity protection services free of charge. Sequoia also added that they had immediately launched an investigation and incident response plan upon learning of the issue. Fortunately, the initial investigations show no evidence of data misuse using the compromised information.
Sequoia had not disclosed how many people were affected by the incident, adding that their current priority is exclusive communication with only their clients. Nonetheless, the human resources company shared that it did not find malware on its systems, did not detect evidence of data misuse and extortion attempts, did not find a compromised server within its infrastructure, and did not find any active malicious access that remained in its systems.
Security experts, however, say that it only takes time before threat actors misuse the stolen data or execute other malicious activities linked to security incidents. The analysts also added that the free identity theft monitoring services might help the victims and all people involved, although, after three years, the people’s data remain available somewhere unsafe where malicious actors can utilise them for cyberattacks.
