ComplyRightComplyRightComplyRightComplyRight
  • WEBINARS
    • Upcoming
    • On Demand
  • TOPICS
    • I want to learn about:
      • Hiring an Employee
      • Creating Policies
      • Paying Employees
      • Discrimination & Harassment
    • Column 2
      • Employment Law
      • Labor Law Postings
      • Employee Leave
      • Employee Recordkeeping
    • Category 3
      • Independent Contractors
      • Tax Reporting
      • Improving Employee Performance
      • Firing an Employee
    • Seven Reasons Why Employee Performance Reviews Still Matter in a Remote Work World

      Employee Performance Reviews
      Read More
  • SOLUTIONS
    • Employee Management
      • Hiring
      • Time and Attendance
      • Training and Safety
      • Recordkeeping
      • Employee Policies
    • Labor Law Posters
      • Poster Guard® Service
      • ComplyRight Posters
      • Electronic Posters
      • Employee Handouts
      • Partner Solutions
    • Tax Information Reporting
      • DIY Filing Solutions
      • Processing Services
      • Partner Solutions
    • NEW! Secure Document Print and Mail Services
    • Featured Solution

      Poster Guard Compliance Protection
      Learn More
  • ABOUT
    • Who is ComplyRight
      • Mission
      • Core Values
      • Leaders
      • Contact
    • Careers
      • Culture
      • Benefits and Perks
    • Brands
      • HRdirect
      • HRdirect Smart Apps
      • Poster Guard
      • eFile4Biz
    • Join Our Team

      Join Our Team
      Learn More
  • SUBSCRIBE

ComplyRight Data Security Incident Notice

ComplyRight was the victim of a criminal cyberattack.  In late May 2018, ComplyRight was alerted to a potential issue affecting the tax form preparation websites using our platform. Upon learning of the potential issue, we disabled the platform and remediated the issue on the website.  In consultation with third-party forensic cybersecurity experts, we took swift action to secure the data of our partners, business customers and the individuals potentially impacted.

The forensic investigators concluded that there was unauthorized access to our website resulting in compromise of personal information for some individual recipients of tax forms such as 1099 or W-2 forms. Although the forensic investigation determined the information was accessed and/or viewed, the investigators were unable to confirm whether the information was downloaded or otherwise acquired by the unauthorized user. And at this time, we are not aware of any reports of identity fraud as a direct result of this incident.

Nevertheless, out of an abundance of caution, we initiated a thorough communication plan to advise all affected businesses and individuals to explain what happened and provide the individuals with information (What to Do When You Receive a Data Breach Notice) and services to help safeguard them against identity fraud, including 12 months of free credit monitoring and identity theft protection services.

At ComplyRight, we take privacy and security very seriously and sincerely apologize for this occurrence. We have been providing businesses with tax reporting products and services for more than 30 years. We share your concern about cyber security and remain committed to continuously updating our practices to protect individual privacy.

ComplyRight Cyber Incident Update – July 18, 2018

 

We recognize how concerning this has been for those affected – and we are working diligently, within our company and with the support of outside experts, to answer your concerns and questions.

What happened?

On May 22, 2018, ComplyRight initially learned of a potential issue involving our tax reporting web platform.  After investigation, we concluded that a criminal cyberattack had targeted some of the personal information maintained on the websites using our platform.

How did this happen?

The investigation determined there was unauthorized access to the ComplyRight web platform that is used by various websites to prepare tax-related forms for individuals (for example, 1099 and W-2 forms). Upon learning of the issue, we disabled the platform, remediated the issue on the website, and commenced a prompt and thorough investigation using external cybersecurity professionals to determine who was potentially affected and what information was accessed or viewed. Although the investigation determined the information was accessed and/or viewed, it could not confirm if the information was downloaded or otherwise acquired by an unauthorized user.

Who's affected?

A portion (less than 10%) of individuals with tax forms prepared on the ComplyRight web platform were impacted by this incident. All affected individuals have been sent notifications via U.S. Mail to their last known addresses.  This letter included information to help safeguard them against identity fraud, including 12 months of free credit monitoring and identity theft protection services through TransUnion.

What information was involved?

The investigation confirmed that the portion of the website that was accessed contained names, addresses, phone numbers, email addresses, and Social Security numbers of individual tax form recipients.

Why did I receive a letter from ComplyRight?

ComplyRight provides a web platform used by a number of different tax form preparation websites. On behalf of those organizations and our clients, we executed the communication plan to advise those affected as promptly as possible.

This is not a scam, and we apologize for any confusion that may have arisen due to your lack of familiarity with our company.

Why did ComplyRight has my information?

Tax reporting forms (such as 1099s or W-2s) sent to you were prepared on a site using the ComplyRight web platform.

How am I affected if I am a site user or employer (payer)?

The investigation found no evidence that any user or payer information was compromised. No credit card or bank account information of users or payers was involved.

What has the unauthorized person(s) done with the individual information?

To date, we are not aware of any reports of identity fraud using individual tax form recipient information as a direct result of this incident. Although the investigation determined that the information was accessed and/or viewed on the website, it was unable to determine whether the information was downloaded or otherwise acquired. Nevertheless, out of an abundance of caution, we provided notice to all impacted individual tax form recipients.  Further, we have no evidence that user or payer information was involved.

What else is ComplyRight doing in light of this incident?

ComplyRight has been providing businesses with tax reporting products and services for more than 30 years. We consistently endeavor to follow the best practices in data security and privacy, utilizing both internal and outside experts.  This incident is unprecedented in our history and we immediately executed additional security measures and analysis of our platform and practices.

We remain committed to maintaining the privacy of information entrusted to us and, moving forward, we will continue to strengthen our security protocols and practices.

I have additional questions about my individual situation. What should I do?

Please call the number provided on your notification letter for immediate assistance.

Again, we extend our sincere apologies to those businesses and individuals affected by this incident.  We understand your concern and will provide additional updates here, if applicable.

Register Now for This Webinar

*Required
Shop Our Brands 
HRdirect
HRdirect Smart Apps
Poster Guard
Formstax eFile4Biz

At ComplyRight, our mission is to free employers from the burden of tracking and complying with the complex web of federal, state and local employment laws, so they can stay focused on managing and growing their businesses.

©2021 ComplyRight, Inc.

Webinars

  • Upcoming
  • On Demand

Solutions

  • Employee Management
  • Labor Law Posters
  • Tax Information Reporting

About

  • Who is ComplyRight
  • Careers
  • Brands

Legal

  • Privacy Policy
  • Terms of Use

Popular Topics

Performance Policies Discrimination and Harassment Employment Law HiringLabor Law PostingsIndependent Contractors

Subscribe to Our Newsletter

Subscribe

Follow Us

  • RESOURCES
    • Knowledge Center
      • Tip Sheets
      • E-Guides
      • Podcasts
      • Infographics
      • Videos
    • Webinars
      • Upcoming
      • On Demand Webinars
    • Research and Trends
      • Compliance Survey
      • Trend Surveys
      • Minimum Wage Monitor
    • HR 101 Courses
  • TOPICS
    • Hiring an Employee
    • Creating Policies
    • Paying Employees
    • Discrimination & Harassment
    • Employment Law
    • Labor Law Postings
    • Employee Leave
    • Employee Recordkeeping
    • Independent Contractors
    • Tax Reporting
    • Improving Employee Performance
    • Firing an Employee
  • SOLUTIONS
    • Employee Management
      • Hiring
      • Time and Attendance
      • Training and Safety
      • Recordkeeping
      • Employee Policies
    • Labor Law Posters
      • ComplyRight Posters
      • Poster Guard®
      • Partner Solutions
    • Tax Information Reporting
      • DIY Filling Solutions
      • Processing Services
      • Partner Solutions
  • ABOUT
    • Who is ComplyRight
    • Newsroom
    • Careers
    • Brands
    • Contact Us
  • SUBSCRIBE
ComplyRight