Payroll processing firm Ceridian this week is advising more than 1,900 customer companies that a hacker managed to access the company's Internet payroll system in late December, potentially compromising the sensitive data of more than 27,000 workers.
Minneapolis-based Ceridian, which dealt with a similar breach of its Internet system in 2007, said this attack impacted less than one-tenth of one percent of the employees for whom it provides payroll services.
The data exposed included the employees' names, Social Security numbers, and in some cases, bank account information and birth dates.
Ceridian officials said they immediately notified the FBI and local law enforcement once the breach was discovered. The company is now notifying affected individuals.
"We took immediate preventive steps to ensure no further incident of this type would occur," Keith Peterson, spokesman for Ceridian, said in a statement. "While the total number of employees affected is small, in our minds one is too many, and we are handling this incident according to our established protocol."
Ceridian joins a long list of businesses who have reported a variety of hacking attacks and security lapses in the past year that have put millions of people's personal information at risk.
According to the nonprofit Open Security Foundation, there were more than 400 major data breach incidents last year at hospitals, universities, military bases, and private-sector companies.