HR and Compliance Company Suffers Website Breach

If you’re like me, you get a lot of unnecessary mail in your mail slot at home. Most of it doesn’t get opened, but just goes from the mail slot right into the recycle bin, with confidence that I don’t need to read it. Sometimes, however, I open something that I suspect is “unnecessary,” but out of an abundance of caution, I still want to take a look. Fortunately, opening the paper mail when you don’t know the sender doesn’t carry the risks that opening unknown email messages do. When I opened one of those envelopes from a company with which I was unfamiliar, ComplyRight, Inc., I just sighed. It was a big sigh too.

Why the big sigh, you ask? Well, it wasn’t junk mail. Instead, in big bold letters in the upper right corner were the words “NOTICE OF DATA BREACH.” This was discovered on or near May 22, 2018. The letter is dated July 13, 2018. I’m sighing again right now. It just seems to happen all the time and it’s exhausting.

ComplyRight is a company that helps employers “streamline administrative tasks and simplify compliance with federal, state and local labor laws,” (from its LinkedIn profile). In other words, they help with payroll and human resources, compliance, and other similar tasks. So this notice I read was because someone breached the company’s website and accessed names, addresses, telephone numbers, email addresses, and social security numbers of an unknown number of people. In fact, it’s difficult to find information on the Internet about this breach. However, because it provides services to businesses, and claims that its HRdirect product is the leading provider of ComplyRight products for HR, it has potential to be a big one.

If you received this letter, take them up on the one-year of free credit monitoring services. It won’t protect you from fraud or identity theft, or even prevent someone from opening a credit account using your information. However, these services will notify you if someone tries. You can also set alerts on your credit reports. Contact the credit bureaus to find out how to do this.

Monitor your reports too. Don’t forget to order your free ones every year. This can be done at annualcreditreport.com. You can order one every four months to keep a better eye on them and have the opportunity to react to potential fraud faster.

Also, consider placing a credit freeze on your report. This will prevent new accounts from being opened. In fact, it even prevents you from getting access to it. So, if you are not applying for credit, putting in applications for jobs or living accommodations, etc., consider a freeze. Starting this fall, the bureaus will not be able to charge for this. Until then, there may be a small fee to freeze and unfreeze it. Keep in mind that you can temporarily unfreeze it as well and it’s fairly easy to do, if you do need to access it.

I froze mine long ago…even before the Equifax breach last year. The risk of identity theft is just too significant right now to wait. It’s worth the money to make it happen now.