Chicago's Assisted Living Concepts (ALC) recently began notifying approximately 43,600 current and former employees that their personal information may have been exposed when an unauthorized person gained access to ALC's login credentials at its payroll services vendor (h/t DataBreaches.net).
The breach occurred between December 14, 2013 and January 14, 2014, and exposed current and former employees' names, addresses, birthdates, Social Security numbers and pay information. The vendor notified ALC of the breach on February 14, 2014.
"We have reported the incident to law enforcement authorities, including the Federal Bureau of Investigation (FBI), and are cooperating with them," ALC CEO Jack R. Callison, Jr., wrote in the notification letter [PDF]. "In addition, upon learning of this issue, we immediately took steps to prevent any further unauthorized access to our payroll systems, deactivating the user credentials that were compromised and taking our payroll systems offline until the issues were resolved. Our vendor has also implemented a new, two-factor authentication procedure for access to sensitive payroll records. We are utilizing this new additional capability going forward."
All those affected are being offered one year of free credit monitoring through Experian's ProtectMyID.