Colorado-based human resources company, StaffScapes, has notified the Maine Attorney General’s Office of a data breach that took place in February. Following an email compromise, an unauthorized party was able to access the company’s environments. StaffScapes offers HR services, from payroll to benefit packages and worker compensation administration.
Personal identifiers, such as names, and Social Security numbers were exposed, affecting over 4,500 people.
Upon discovering the breach, StaffScapes took immediate action to minimize the risks, securing the compromised systems, and initiating an investigation into the unauthorized access. The company has also reinforced two-factor authentication and conducted a mass password reset.
They also reported that they are remaining vigilant, reporting any suspected phishing emails, and will continue to screen emails carefully to avoid similar incidents in the future.
Data breaches continue to pose a significant threat to organizations of all sizes, and companies providing HR services are no exception.
To minimize the risks, businesses must ensure they have proper security measures in place, including employee training on how to identify and avoid phishing attacks.
Additionally, they must have an incident response plan in place to respond quickly and effectively to breaches when they do occur.
The notification of this breach by StaffScapes highlights the importance of companies being transparent about data breaches, notifying affected individuals and authorities as soon as possible.
This transparency can help those affected take necessary steps to protect themselves against the risks of identity theft or fraud, and it can also help other organizations learn from the incident and take steps to avoid similar breaches.
