Benefits vendor’s flub leads to data breach at Google

May 12, 2016 at 08:25 AM
Share & Print

This week, Google started notifying affected employees of a data breach that occurred when a third-party benefits vendor mistakenly sent an email file with employee information to an unintended source.

A copy of Google's notification letter to employees was made available through the California Attorney's General website. The letter does not name the involved vendor, nor does it say which areas of the company's benefits were impacted.

The vendor sent the data to another third-party benefits provider, which reportedly erased the information upon realizing the mistake.

"We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted," Google explained to employees.

"In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document," the letter said.

Names and Social Security numbers of an undisclosed number of Google employees were included in the file. Teri Wisness, director of U.S. benefits at Google, said "We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted."

Google will provide 24 months of free identity protection and credit-monitoring services to affected employees. The letter also recommends employees access the free credit reports available under U.S. law.

Though the breach at Google seems the result of human error on the part of a broker vendor, more cyber security experts suggest company benefit plans will be targets for cyber criminals.

ADP recently announced a "small number" of clients were affected when cyber criminals accessed the firm's payroll services unit.

An ADP spokesperson was quick to say the event was not a "cyber breach," but that personal tax and payroll information was exposed because client firms did not adequately protect access codes to ADP's online portal.

The Identity Theft Resource Center says that so far in 2016, nearly 350 data breaches have taken place, resulting in the theft of more than 11.3 million personal records.

Cyber criminals used data in the ADP theft to file counterfeit tax returns to the IRS, according to a report from the Society for Human Resources Management.

See also:

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center