Payroll company error prompts security breach concern

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.chron.com/news/houston-texas/houston/article/Payroll-company-error-prompts-security-breach-4611194.php

Technical issues encountered by the city of Houston's payroll
contractor could have potentially exposed personal information for
nearly 5,000 local government workers, including more than 1,000 in
the Houston Police Department.

Widespread notice about the compromised data emerged on Wednesday when
the Houston Police Officers' Union posted a notice to members on its
Facebook page.

"The HPOU was notified that ADP had a security breach in relation to
the City's online W-2s. This breach is extremely low risk but does
potentially affect approximately 1,300 classified HPD employees. ADP
is sending letters to all employees affected and offering a free year
of ID theft protection," the entry said.

A W-2 is an employee's annual wage and tax statement filed by an
employer with the Internal Revenue Service.

In an statement, ADP, also known as Automatic Data Processing,
described the incident as a "software code error" and expressed regret
for any inconvenience.

"The issue has now been corrected, so any new tax forms being produced
do not have this problem," the release said. "Although ADP believes
that the risk of exposure is very low, the company has reached out to
all impacted clients and offered to provide their affected employees
with standard credit monitoring services."

ADP is a publicly traded payroll and benefits administrator
responsible for processing the paychecks of 24 million, or one in six,
U.S. workers. It handled nearly 48 million W-2s in 2012, according to
a company fact sheet.

Police union president Ray Hunt said he was told that Social Security
numbers and matching names were exposed because of a security failure,
but that unauthorized access was unlikely. The police union also heard
from the payroll company on Wednesday about the accuracy of the
Facebook post.

"They said it was a programming error, but the information I received
from the city of Houston called it a security breach," the union
leader said. "I was one of the persons whose information was
compromised."

Hunt said he is encouraging police union members to accept the
company's offer of free ID theft monitoring.

"I am not incredibly alarmed," he said. "Of course, anytime your
Social Security number and name is out there, it's a concern."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.