Sequoia, the payroll giant, said the data breach exposed critical sensitive information about its users, including pay and benefits information, SSNs and other government-issued identifiers, and even COVID-19 data such as vaccination status.
In data breach notification (opens in a new tab) to the California Attorney General’s office, the company, which has proven popular with SMEs and startups, explained that it “recently became aware that an unauthorized person may have accessed a cloud storage system that contained personal information provided in connection with the company’s services to its customers, including your employer or, if you are dependent, the employer of your family member’.
Other data that may be at risk include names, dates of birth, gender, marital status, and contact information such as a work email address.
Sequoia data breach
According to the findings of the company – and its partners in the investigation, including Dell Secureworks – no evidence of malicious tools or ransomware was found. The data appears to have been leaked between September 22 and October 6, 2022 and was read-only, suggesting that the data should remain intact.
In order to rectify this significant misfortune, Sequoia expanded its operations Identity theft protection and Experian IdentityWorks fraud detection services for users and their dependents for 36 months.
In addition, the company urges affected users to monitor their credit accounts with reporting companies such as Equifax, Experian and TransUnion, and to consider a PIN-protected credit freeze to prevent unauthorized opening of further accounts in their name.
TechRadar Pro contacted Sequoia for further information on the matter, including how to access the database.