Blog

Data Breach at Sequoia One Exposes Sensitive Customer Information

Dec 20, 2022 | Blog

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked.

Sequoia One specializes in the management of human resources, benefits, and payroll. For the past 21 years, they’ve worked with both corporate clients and individuals. Sequoia promises to take care of business owners’ administrative needs so that they can focus on their mission. However, on December 7, 2022, customers received a notice that suggests their administrative problems may have just begun.

The company disclosed that an unauthorized party may have accessed its cloud storage system between September 22 and October 6, 2022. This breach puts several pieces of sensitive information at risk, including names, social security numbers, dates of birth, marital statuses, email addresses, and vaccine cards.

As soon as the breach had been identified, the company enacted its response plan. And after performing a forensic review with the help of Dell Secureworks, a leading global security firm, it was determined that the software didn’t contain any ransomware. Also, it’s suspected that the unauthorized user had “read-only” access because no client data was changed or distributed.

Sequoia One is not the only California-based company that is struggling with data security issues. In fact, over the last five years, this state has been at the top of the list of states that have experienced data breaches. Well-known names such as LendingTree, Kaiser, Blue Shield of Southern California, Macmillan, and Humana are counted among the companies.
As a rule, companies that store consumer data are responsible for keeping it safe from unauthorized access. But a data breach doesn’t automatically make the company financially liable for the victim’s damages. The company can only be held responsible if the breach resulted from negligence. Instances of negligence include failing to implement an up-to-date security system, mistakenly making sensitive information publicly available, sending consumer information to unauthorized parties, opening unsolicited emails containing malware, and responding to phishing attacks.

Sequoia One boasts more than 1700 corporate clients and more than 200 international clients. However, when the company was asked about how many of their clients had been affected by the breach, they remained tight-lipped. “At this time, our focus and communication is only with our clients,” said Kristin Schaeffer, public relations representative for the company. But according to California state law, businesses must notify the attorney general if a breach affects more than 500 state residents.

While Sequoia One may see no evidence of malicious behavior, experts say that it can take time for a data breach’s full impact to surface. And while it hasn’t been made public how many customers have been affected by the breach, the company is offering all of its client’s free identity protection services for three years in order to help mitigate the situation. They’ve also notified clients that are most at risk. The company has not yet made public how the unauthorized party gained access to its system.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Last Microsoft Edge Update for 2022

Last Microsoft Edge Update for 2022

A new version of Microsoft Edge is available for Windows, macOS, and Linux. While the update is relatively small, it contains two feature upgrades and significant security fixes, including one for the Chromium engine's "Type confusing in V8" vulnerability....

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech