ComplyRight Breach

Recently several people received notices in the mail about a ComplyRight Breach. Surely this was confusing to many, as few people have ever heard of them. But while many have never heard of ComplyRight, they still had sensitive info on thousands of people. Thankfully, Brian Krebs shared more on this breach yesterday. Here’s our quick overview!

 

So who is ComplyRight?

ComplyRight is an HR firm that specializes in helping small businesses manage employees. Businesses can hire them to create and mail out tax forms such as 1099s and W2s. Because of this, ComplyRight has personal data on many people which do not directly interact with the company.

 

What do we know about the ComplyRight Breach?

ComplyRight learned of the breach on May 22nd, 2018. Evidently the attackers had access to the data for about a month. ComplyRight stated that they are not sure if the cyber criminals actually downloaded or stole the data and that these notifications are to keep ahead of a possible breach.

Unfortunately, with the kind of data in tax forms, it’s very likely the crooks stole what information they had access to. Social Security Numbers and other personal data are useful for identity theft and crooks can also sell it online. So even though they say crooks may not have taken the data, it’s very likely that they did.

 

How many people does the ComplyRight Breach affect?

ComplyRight says that the breach affects fewer than 10% of their customers, and they say they service about 76,000 organizations. But it is worth noting that ComplyRight’s customers are actually the businesses using their service, not individuals. So each of those breached organizations has several employees, making the number difficult to truly estimate.

Until ComplyRight releases more details, we may not know how many people this breach affects. All we know is that if you received a notice in the mail, the breach affects you.

 

What can I do?

ComplyRight is offering free credit monitoring and identity theft protection services to those affected by the breach. These can certainly be useful, but it is important to remember that they only notify you after fraud occurs.

Brian Krebs has long advocated using a Credit Freeze to severely limit who can access your credit, and there’s more merit to this now than ever. With recent legislation, it will soon be free to place a credit freeze at the three main credit bureaus. So this option may be worth exploring for victims.

Remember, credit freezes have their own pros and cons, and they are not a bulletproof plan. So whether you find it is right for you or not, stay vigilant on safe guarding your data.

 

Stay Cyber Aware with Astria

This breach like all others just goes to show the lack of cyber security awareness in many businesses. But you can stay ahead of the game! This blog is here to keep you informed of news, trends, and useful cyber security tips and tricks. Remember, for news of the ComplyRight Breach and beyond, Astria is your best ally!