HR, payroll, and benefits management provider Sequoia claimed it identified improper access to a cloud storage repository containing sensitive client data. Sequoia One is an outsourced HR and payroll PEO. Sequoia alerted both corporate and individual clients of the breach, which happened between September 22 and October 6. Three years of Experian identity protection are free to victims.
Sequoia’s hacked cloud system stored an array of sensitive personal data, including names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, and member IDs as well as any other ID cards, Covid-19 test results, and vaccine cards that individuals uploaded to the employment system.
“As soon as the Company became aware of the situation, a response plan was initiated and a number of immediate actions were completed, including working with outside counsel to initiate a forensic review by Dell Secureworks. The forensic review found no evidence that the unauthorized party misused or distributed data.”
“Unauthorized access of information in a cloud storage system occurred between September 22 and October 6, 2022,” the company wrote. “The access was ‘read only,’ and there is no evidence that the unauthorized party changed any client data.” Sequoia has refused to specify the number of those whose data has been compromised.