Mansueto Ventures, publisher of business magazines Inc. and Fast Company, has suffered a breach of sensitive employee data such as wage information and Social Security numbers—data which can easily be exploited to steal a person’s identity or wreak havoc on their personal credit history.
The hackers have already used the illegally obtained information to file fraudulent federal and state tax returns, one source told the New York Post. One insider said that the rumor is that stolen IDs of 90% of the employees were used to file the fraudulent tax returns.
“I am irate,” one affected staffer told the paper. “Tax filings on the state-local [level] have been filed under my Social Security number. People are put off as to why they have to spend their own time and resources to begin to rectify this.”
The company, founded by billionaire Joe Mansueto, who also founded Morningstar, confirmed the data breach and said it has notified law enforcement officials.
While it is not clear how the data was obtained, it is suspected that the breach was possible because the sensitive data was unencrypted.
The oversight is troubling to file security expert Scott Gordon, COO of FinalCode.
“It is difficult to comprehend why a company wouldn’t take necessary measures to protect its data and its employees from a preventable exposure,” he told Infosecurity via email. “There is no shortage of opinion lately, on the role of encryption to protect privacy. The cloud continues to transform the way that companies interact with their employees, partners, consultants and customers. When you consider how common cyber-threats are, it’s careless for any company to not encrypt Social Security numbers, financials, health insurance information and other sensitive employee or customer data that is subject to regulations. To address these evolving conditions, companies need to secure and control the data over its entire lifecycle.”