Assisted Living Concepts, LLC is currently in the process of mitigating a recent data breach that potentially puts the personal information of its staff at risk of exposure to unauthorized parties.
Last week, the Chicago-based company wrote a letter to New Hampshire’s Office of the Attorney General Joseph A. Foster to inform of a “security concern” related to the company’s payroll services.
On February 14, the outside vendor that provides ALC with payroll services notified the company that an “unauthorized third party improperly obtained” access to its vendor credentials, gaining access to the company’s payroll files for current and former employees, according to the letter written by ALC Executive Vice President and General Counsel Peter Tarsney.
The activity occurred between December 14, 2013 and January 14, 2014, with the hacked records including the names, address, birth dates, social security numbers and pay information of 43,600 former and current employees.
One New Hampshire resident was also affected by the data breach, which ALC believes to be a former employee of the company since they currently do not have any senior living communities in the state, ALC’s Vice President of Corporate Communications Monica Lang told SHN.
ALC and its subsidiaries own and/or operate approximately 200 assisted living communities in 20 different states—none of which are located in New Hampshire.
“The payroll vendor breach affected both current and former employees,” Lang said. “We assume that the New Hampshire resident is one of our former employees.”
The company also suspects that whoever committed the data breach probably plans to use the obtained info to file false tax returns, Land added.
ALC has already taken measures to prevent further data hacking, according to the letter written by Peter Tarsney, executive vice president and general counsel at ALC.
“We took immediate steps to prevent any further unauthorized access to our payroll systems, including deactivating the user credentials that were comprised and taking our payroll systems offline until the issues were resolved,” Tarsney wrote in the letter.
The written letter to Attorney General Foster also includes a template letter, which ALC intends to distribute to staff that informs them of the data breach.
In efforts to mitigate potential risks to employees, ALC arranged for a complimentary one-year membership to Experian’s ProtectMyID Alert, which includes daily credit monitoring, identity theft resolution and identity theft insurance.
The company said it is continuing its investigation into the data breach, having already notified the FBI and is currently in the process of notifying other state authorities, including the Internal Revenue Service.
Last week, a data security expert shared with SHN several ways for senior living providers to protect against hacker attacks.
Written by Jason Oliva