DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Assisted Living Concepts notifying over 43,000 employees after hack of payroll database at vendor’s (update3)

Posted on March 5, 2014 by Dissent

Chicago-based Assisted Living Concepts, LLC and its subsidiaries own and/or operate 200 assisted living facilities in 20 states. ALC uses an external vendor to process its payroll for its employees.

On February 14, the vendor notified ALC that they had detected unauthorized access to ALC’s payroll database. Investigation revealed that ALC’s login credentials had been acquired and misused to gain access to the payroll database containing current and former employees’ names, addresses, birth dates, Social Security numbers, and pay information.

The unauthorized access occurred between December 14, 2013 and January 14, 2014, and affected 43,600 employees. The vendor was not named in ALC’s notification, and it is not clear whether the login credentials were obtained from someone at ALC via phishing or some other means, or whether they were obtained from someone on the vendor’s end.

ALC deactivated the compromised login credentials, took the payroll database offline, and notified the FBI and state authorities.

In letters that went out this week, ALC offered affected current and former employees free credit monitoring via Experian ProtectMyID.

You can read ALC’s notification to New Hampshire and affected employees on the New Hampshire Attorney General’s website, here (pdf).

Updates: The breach was also reported to Vermont residents and Maryland residents.

Update 3: On March 28, ALC notified New Hampshire that on March 13, they discovered that 7,810 dependents of current and former employees also had their information involved.

Category: Business SectorHackSubcontractorU.S.

Post navigation

← UK: Admiral remaining vigilant after Aviva data breach
Ca: Health department won't remove doctor for privacy breach →

7 thoughts on “Assisted Living Concepts notifying over 43,000 employees after hack of payroll database at vendor’s (update3)”

  1. Robin Selstad says:
    March 11, 2014 at 1:54 pm

    I work for you and another employee told me about the letter so this is why i’m emailing you now I would like for you to send me an email instead of a letter with the information that i need to get protected and the services your offering to help me feel safe.
    thank you,
    robin in kelso washington

    1. Dissent says:
      March 11, 2014 at 3:44 pm

      I hope you actually emailed them and didn’t just post a request here, as I doubt they’ll read the comments on this blog.

  2. geoff t says:
    March 21, 2014 at 1:26 pm

    Any idea who the payroll provider was?

    1. Dissent says:
      March 21, 2014 at 2:50 pm

      No clue. If you find out, please let me know.

      1. Ji says:
        March 31, 2014 at 12:04 pm

        I’m trying to find out too. It’s strange how so many articles have been published on the web concerning this entire fiasco and yet not one mention is made anywhere of the name of the company who was responsible for this.

        1. Dissent says:
          March 31, 2014 at 2:12 pm

          It’s not uncommon for a vendor/contractor’s name to be shielded, and yes, it’s frustrating, which is why I try to follow-up over time to see if we can find out more.

  3. Ji says:
    March 31, 2014 at 12:01 pm

    What’s so upsetting is this company contracted by ALC could have prevented this from happening. It’s frustrating to say the least knowing your your name, DOB, social and banking information is out there floating around somewhere. I have called my former employer and they will not return my calls. I just had someone hack into my checking account in the last few days and I cannot help but wonder if it is directly connected with this breach. I will be forced to go down to close out all of my accounts and reopen new ones and I will also have to cancel my card and get a new one. It’s extremely anguishing to know that all of your personal information has been contracted out to a third-party without your knowledge or consent. Where to go from here???

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • International cybercrime tackled: Amsterdam police and FBI dismantle proxy service Anyproxy
  • Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
  • N.W.T.’s medical record system under the microscope after 2 reported cases of snooping
  • Department of Justice says Berkeley Research Group data breach may have exposed information on diocesan sex abuse survivors
  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • FTC dismisses privacy concerns in Google breakup
  • ARC sells airline ticket records to ICE and others
  • Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.