DataBreaches.Net


Double whammy: Avention investigating two data breaches involving employee info

Posted on May 13, 2016 by Dissent

Massachusetts-based Avention, formerly known as OneSource Solutions, is investigating two recent data breaches that may, or may not, be the work of the same criminal(s).

In a letter to the New Hampshire Attorney General’s Office, their external counsel provides a chronology of events, beginning with reports by some employees on April 19 that their tax returns had been rejected because returns had already been filed in their names. Avention promptly launched an investigation, started scanning its internal systems, and contacted all its vendors.

On April 28, Avention learned that an employee’s login credentials to their human resource information system (HRIS) vendor had been used to download all employees’ I-9 forms on March 31. I-9 forms are provided by the United States Citizenship and Immigration Services and are used by employers to verify employment eligibility. Completed forms include the employees’ names, addresses, and Social Security numbers, and may also include passport numbers, driver’s license numbers, birth certificates, and/or other government-issued identification numbers.

Of note, it would appear that the unnamed HRIS vendor did not detect the misuse of the login credentials until they were asked to investigate.

Avention confirmed with the employee whose login credentials had been used that s/he had not downloaded the I-9 forms, and then contacted external counsel and federal law enforcement. They also retained a cybersecurity firm to investigate.

If April 28 was bad, the next day would be no better. On April 29, Avention learned that on April 5, an employee had fallen for a phishing scam and had emailed all employees’ W-2 statements to an unauthorized individual. W-2 statements include names, addresses, Social Security numbers, wages, and taxes withheld in 2015.

It appears that the employee who fell for the phishing scam is not the same employee whose login credentials were misused to access the I-9 forms, but DataBreaches.net is attempting to confirm that.

It would also appear that, like the I-9 breach, the W-2 breach had gone undetected until Avention began investigating the employees’ reports of problems with their returns.

Avention, whose LinkedIn profile indicates 201-500 employees, notified its employees on April 29 in a town hall meeting, and then followed up with email notification to current and former employees on May 4. Letters with an offer of three years of credit monitoring for those affected began going out this past week.

Avention has offices across North America, Europe and APAC.

DataBreaches.net contacted Avention’s media representative as to how many employees, total, were impacted by these breaches, but did not receive an immediate response. This post will be updated as more information becomes available.

Update: Post-publication, Avention submitted a statement that did not address any of the questions DataBreaches.net had put to them:

Avention recently learned that we suffered a security incident, which resulted in unauthorized access to certain employee information, including Social Security numbers, by an unknown source. As soon as Avention discovered this crime, we immediately launched an investigation, hired a leading cybersecurity firm, and contacted federal law enforcement.

Avention takes this attack on our personnel extremely seriously. We notified affected individuals of the incident so that they can protect themselves and are providing three free years of identity theft protection services, including insurance for losses and credit monitoring.

Avention is continuing to investigate this matter, and we are also conducting a thorough review of our security measures, internal controls, and safeguards in an effort to help prevent a similar incident in the future. The security of employees’ information is a top priority, and we continue to take all appropriate and necessary steps needed to address the situation.

This security issue is internal only and did not impact our customers. Our products, services, and commercial services were also not affected. That being said, we are vigilantly monitoring all our data sources to protect against future attacks.

DataBreaches.net has sent a response to Avention to see if they will answer the substantive questions put to them.

Update: Well, no, they won’t, it seems. They responded:

Avention cannot respond to some of the questions but wanted to ensure you had some additional information. What they are most concerned about right now is making sure they protect those who have been affected.

