Slyck.com
 
Slyck Chatbox - And More

Fraudsters Exploited Lax Security At Equifax’s TALX Payroll Division

What's happening in the technology world! Please submit stories for this forum here.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

Fraudsters Exploited Lax Security At Equifax’s TALX Payroll Division

Postby sunnyd » Fri May 19, 2017 1:47 pm

Story : https://krebsonsecurity.com/2017/05/fraudsters-exploited-lax-security-at-equifax





Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.

In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.

Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Thanks to data breach notification laws in nearly all U.S. states now, we know that so far at least five organizations have received letters from Equifax about a series of incidents over the past year, including defense contractor giant Northrop Grumman; staffing firm Allegis Group; Saint-Gobain Corp.; Erickson Living; and the University of Louisville.







Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
User avatar
sunnyd
 
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Return to Tech/Internet/Other News

Who is online

Users browsing this forum: No registered users and 5 guests

© 2001-2008 Slyck.com