FTC settles with Minn. company over data theft
Go Deeper.
Create an account or log in to save stories.
Like this?
Thanks for liking this story! We have added it to a list of your favorite stories.
The Federal Trade Commission has settled charges against Bloomington-based Ceridian for allegedly failing to protect sensitive personal information of customers' employees.
Ceridian provides companies with payroll and other human resource services. The FTC said Ceridian's security measures were inadequate to protect its network from reasonably foreseeable attacks.
In September 2009, a hacker stole the information of about 28,000 employees who worked for Ceridian's small business customers.
"The attacker was able to obtain numerous types of information, including Social Security numbers and direct deposit account information," said Tiffany George, an FTC attorney. "Bank accounts, credit union accounts or wherever anyone would have their paycheck direct deposited."
Ceridian admitted no wrongdoing. But the settlement bars the company from making misleading claims about the privacy of personal information. Ceridian must also obtain independent, third-party security audits every other year for 20 years.
Turn Up Your Support
MPR News helps you turn down the noise and build shared understanding. Turn up your support for this public resource and keep trusted journalism accessible to all.