Steve Alexander reports:
The hacker who stole information about 27,000 people from payroll processor Ceridian Corp. apparently had some inadvertent help from the company.
According to one hacking victim, a Ceridian employee told him that his inactive, 10-year-old payroll data had been stolen because a Ceridian software glitch kept it in the company’s database long after it should have been deleted. The stolen information included his name, Social Security number and street address.
[…]
Ceridian didn’t respond to the allegation about a software glitch and declined to say what percentage of the hacking victims were, like Ashton, no longer with employers using Ceridian’s payroll service.
[…]
Ceridian said Wednesday that 27,000 people at 1,900 firms were affected by the Dec. 22-23 hacking of its payroll information database. The breach, which affected the company’s Powerpay payroll system, affected less than one-tenth of a percent of the employees for whom Ceridian provides payroll services, the firm said.
[…]
Becker said 31 people at his employer, Oxygen Service Co. of St. Paul, got letters from Ceridian saying their personal data had been taken in the hacker attack — even though his company stopped using the Ceridian service in 2008.
Read more in The Star-Tribune
If this is true, it is reminiscent of the Colt Express breach in which many people whose employers no longer used the benefits administrator had their data stolen because the firm did not remove the data from its system.