Payroll and human resources giant Sequoia said a data breach exposed extremely sensitive information about its users, including salary and benefits information, SSNs and other government-issued identifiers, and even COVID-19 data, such as the status of vaccination.

In a data breach notice (opens in a new tab) to the California Attorney General's office, the company, which has proven popular with SMBs and start-ups, explained that it "recently became aware that a An unauthorized party may have accessed a cloud storage system containing personal information provided as part of the Company's services to its customers, including your employer or, if you are a dependent, the employer of a family member ”.

Other data that could be at risk include names, dates of birth, gender, marital status, and contact details such as work email addresses.

Sequoia Data Breach

Based on the company's findings, and those of its research partners, including Dell Secureworks, no evidence of malicious tools or ransomware was found. It appears that the data was exposed between September 22 and October 6, 2022 and was read-only, suggesting that the data should remain intact.

To address this significant incident, Sequoia has extended Experian IdentityWorks' fraud detection and identity theft protection service to its users and their dependents for 36 months.

Additionally, the company urges affected users to monitor their credit accounts with credit reporting companies such as Equifax, Experian, and TransUnion, and consider placing a PIN-protected credit freeze to prevent unauthorized opening of any other accounts in their name. .

TechRadar Pro contacted Sequoia for more information on the case, including how the database was accessed.