ComplyRight Data Security Incident Notice

On May 22, 2018, ComplyRight initially learned of a potential issue involving our tax reporting web platform.  After investigation, we concluded that a criminal cyberattack had targeted some of the personal information maintained on the websites using our platform.

The investigation determined there was unauthorized access to the ComplyRight web platform that is used by various websites to prepare tax-related forms for individuals (for example, 1099 and W-2 forms). Upon learning of the issue, we disabled the platform, remediated the issue on the website, and commenced a prompt and thorough investigation using external cybersecurity professionals to determine who was potentially affected and what information was accessed or viewed. Although the investigation determined the information was accessed and/or viewed, it could not confirm if the information was downloaded or otherwise acquired by an unauthorized user.

A portion (less than 10%) of individuals with tax forms prepared on the ComplyRight web platform were impacted by this incident. All affected individuals have been sent notifications via U.S. Mail to their last known addresses.  This letter included information to help safeguard them against identity fraud, including 12 months of free credit monitoring and identity theft protection services through TransUnion.

The investigation confirmed that the portion of the website that was accessed contained names, addresses, phone numbers, email addresses, and Social Security numbers of individual tax form recipients.

ComplyRight provides a web platform used by a number of different tax form preparation websites. On behalf of those organizations and our clients, we executed the communication plan to advise those affected as promptly as possible.

This is not a scam, and we apologize for any confusion that may have arisen due to your lack of familiarity with our company.

Tax reporting forms (such as 1099s or W-2s) sent to you were prepared on a site using the ComplyRight web platform.

The investigation found no evidence that any user or payer information was compromised. No credit card or bank account information of users or payers was involved.

To date, we are not aware of any reports of identity fraud using individual tax form recipient information as a direct result of this incident. Although the investigation determined that the information was accessed and/or viewed on the website, it was unable to determine whether the information was downloaded or otherwise acquired. Nevertheless, out of an abundance of caution, we provided notice to all impacted individual tax form recipients.  Further, we have no evidence that user or payer information was involved.

ComplyRight has been providing businesses with tax reporting products and services for more than 30 years. We consistently endeavor to follow the best practices in data security and privacy, utilizing both internal and outside experts.  This incident is unprecedented in our history and we immediately executed additional security measures and analysis of our platform and practices.

We remain committed to maintaining the privacy of information entrusted to us and, moving forward, we will continue to strengthen our security protocols and practices.

Please call the number provided on your notification letter for immediate assistance.