BambooHR is a cloud-based human resources (HR) software service headquartered in Utah that provides human resources software as a service for small and midsize businesses. Their services include TraxPayroll.
On February 13, the firm became aware of unauthorized access by an unidentified third party. The initial access appeared to have occurred on February 5. Inappropriate actions that seemed intended to redirect or divert payroll deposits to its own accounts occurred between February 11 and February 13, when the attack was detected. As part of the attack, the attacker accessed the names, social security numbers, states of residence, states of employment, wage types and tax type codes of certain employees.
According to a notification letter from Kent Goates, the firm’s Chief Financial Officer, while the investigation was unable to determine whether the attacker retained employees’ personal information, all employees who had personal information in the report that was accessed are being notified of the incident and offered 12 months of credit monitoring and restoration services from Experian. The number of employees being notified was not disclosed in the letter, a template copy of which appears below.
BHR General Notification Sample_0