The names, Social Security numbers and bank account numbers of some 27,000 people were exposed when a hacker breached a Twin Cities-based payroll company's pay system.
Officials at Ceridian Corp. said they discovered the security issue in late December and immediately contacted the FBI and local law enforcement.
The company also changed the passwords for all its Powerpay payroll system customers, including those for the 1,900 companies affected, said Keith Peterson, Ceridian's vice president of marketing and communication.
The employees that might have been affected by the security breach weren't contacted until a month after the incident, but Peterson said that's because officials were still trying to determine what the hacker had done.
"We wanted to make sure we knew exactly what records had been taken," Peterson said. "It's somewhat complicated to understand what the hacker had done, so we worked with authorities to basically recreate what the hacker had done."
Peterson said there have been no signs so far that any of the employees' information was used to make illegal financial transactions, but Ceridian has given identity theft protection to all the employees who had their information exposed. Authorities are still trying to figure out the hacker's identity, he said.
The employees affected represent less than 1 percent of those in Ceridian's payroll system, but Peterson said the size of the breach doesn't matter.
"Clearly, any time any data is breached it's a concern," he said. "Even one employee is too many."