News & Comment: Human Resources Firm ComplyRight Breached — Krebs on Security

NEWS: Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company’s thousands of clients on behalf of employees.

Read full article



Ryan Wilk, Vice President of Customer Success, NuData Security, a Mastercard company:

“One of the many dangerous things about breaches is the amount of time it takes for companies and end users to know their data is out in the open. From the moment a breach happens, hackers have ample time to broker the stolen names, Social Security numbers, tax data and other identifying information on the dark web – leaving customers and employees open to the impacts of identity theft.

“This breach underscores once again, for merchants and financial institutions, that mere reliance on passwords and usernames is insufficient to protect their organization and their customers from online fraud. It’s past time for every organization handling sensitive data to lock down their security, and to stop relying personally identifiable information to verify users – which is easily stolen and easily reused. 

“Many companies are implementing multi-layered solutions with passive biometrics and behavioral analytics to leverage behavior patterns and hundreds of other indicators to confirm legitimate users with true accuracy. This way companies don’t rely on the credentials and sensitive data exposed in breaches.”