Banks and retail organizations aren’t the only targets when it comes to stolen financial information. Other third-party consultants and business service providers deal with the same type of data, and criminals know it.
In the recent massive Sony Pictures Entertainment hack now being investigated by FBI, not only was internal financial information leaked online, but the salary information of over 30,000 Deloitte employees that worked within the tax, consulting and auditing branches of the company from as far back as 2005 was also compromised.
Free eBook: Modern Retail Security Risk – Get your copy now.
According to Fusion.net, the data was one of many documents that belonged to a Sony employee who worked in human resources and who had previously worked at Deloitte. (Apparently, they had saved some interesting HR files from their tenure.)
Deloitte, one of the largest consulting firms in the world that provides audit, tax, risk and financial advisory services, has needless to say a ton of financial data on thousands of enterprise companies. Although they weren’t hacked per se, any internal information about the company that is leaked is bad news.
Payroll Companies Breached
Another report of an intrusion comes from the specialized payroll company, American Residuals and Talent (ART Payroll), that services the advertising, entertainment, and events production industry, including members of the Screen Actors Guild-American Federation of Television and Radio Artists, according to the LATimes.com.
ART Payroll recently reported an intrusion after detecting an unauthorized login to their web application. Data accessed includes client names, Social Security numbers, addresses, bank account information, date of birth and email addresses.
To learn about how payroll and HR data is stolen for the purposes of tax fraud, please read the rest of this article on Duo Security’s blog here.
By Thu Pham, Information Security Journalist, Duo Security | @Thu_Duo
About Duo Security
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.