ComplyRight was the victim of a criminal cyberattack. In late May 2018, ComplyRight was alerted to a potential issue affecting the tax form preparation websites using our platform. Upon learning of the potential issue, we disabled the platform and remediated the issue on the website. In consultation with third-party forensic cybersecurity experts, we took swift action to secure the data of our partners, business customers and the individuals potentially impacted.
The forensic investigators concluded that there was unauthorized access to our website resulting in compromise of personal information for some individual recipients of tax forms such as 1099 or W-2 forms. Although the forensic investigation determined the information was accessed and/or viewed, the investigators were unable to confirm whether the information was downloaded or otherwise acquired by the unauthorized user. And at this time, we are not aware of any reports of identity fraud as a direct result of this incident.
Nevertheless, out of an abundance of caution, we initiated a thorough communication plan to advise all affected businesses and individuals to explain what happened and provide the individuals with information (What to Do When You Receive a Data Breach Notice) and services to help safeguard them against identity fraud, including 12 months of free credit monitoring and identity theft protection services.
At ComplyRight, we take privacy and security very seriously and sincerely apologize for this occurrence. We have been providing businesses with tax reporting products and services for more than 30 years. We share your concern about cyber security and remain committed to continuously updating our practices to protect individual privacy.