What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked.

Sequoia One specializes in the management of human resources, benefits, and payroll. For the past 21 years, they’ve worked with both corporate clients and individuals. Sequoia promises to take care of business owners’ administrative needs so that they can focus on their mission. However, on December 7, 2022, customers received a notice that suggests their administrative problems may have just begun.

The company disclosed that an unauthorized party may have accessed its cloud storage system between September 22 and October 6, 2022. This breach puts several pieces of sensitive information at risk, including names, social security numbers, dates of birth, marital statuses, email addresses, and vaccine cards.

As soon as the breach had been identified, the company enacted its response plan. And after performing a forensic review with the help of Dell Secureworks, a leading global security firm, it was determined that the software didn’t contain any ransomware. Also, it’s suspected that the unauthorized user had “read-only” access because no client data was changed or distributed.

Sequoia One is not the only California-based company that is struggling with data security issues. In fact, over the last five years, this state has been at the top of the list of states that have experienced data breaches. Well-known names such as LendingTree, Kaiser, Blue Shield of Southern California, Macmillan, and Humana are counted among the companies.
As a rule, companies that store consumer data are responsible for keeping it safe from unauthorized access. But a data breach doesn’t automatically make the company financially liable for the victim’s damages. The company can only be held responsible if the breach resulted from negligence. Instances of negligence include failing to implement an up-to-date security system, mistakenly making sensitive information publicly available, sending consumer information to unauthorized parties, opening unsolicited emails containing malware, and responding to phishing attacks.

Sequoia One boasts more than 1700 corporate clients and more than 200 international clients. However, when the company was asked about how many of their clients had been affected by the breach, they remained tight-lipped. “At this time, our focus and communication is only with our clients,” said Kristin Schaeffer, public relations representative for the company. But according to California state law, businesses must notify the attorney general if a breach affects more than 500 state residents.

While Sequoia One may see no evidence of malicious behavior, experts say that it can take time for a data breach’s full impact to surface. And while it hasn’t been made public how many customers have been affected by the breach, the company is offering all of its client’s free identity protection services for three years in order to help mitigate the situation. They’ve also notified clients that are most at risk. The company has not yet made public how the unauthorized party gained access to its system.

Related Posts - TKS Blog

TKS Newsletter - 2025 February
Here's our February 2025 Newsletter Read the full PDF version here: The TKS Sentinel - February Issue In this month's edition, we discuss: Work-Specific Tools Windows 11...
Read more
common password mistakes
Password Management Tips For Businesses
Is Your Business Cyber Secure? Passwords are the front line of defense against cyberattacks. Yet, most businesses still struggle with password security—whether it’s employees using weak...
Read more
password protection in the era of AI
Password Security In The Age Of AI
The AI Threat to Password Security Artificial intelligence is revolutionizing many industries, but it’s also empowering cyber criminals. Recent studies reveal that AI can crack over...
Read more
tech news updates jan 2025
TKS Newsletter - 2025 January
Here's our January 2025 Newsletter Read the full PDF version here: The TKS Sentinel - January Issue In this month's edition, we discuss: New Tech Tools Malicious...
Read more

Used with permission from Article Aggregator