The Aftermath of the Kroger/Equifax W-2 Breach

On May 6, 2016, Kroger had to notify 430,000+ current employees and former employees that their W-2 information had been breached. Unfortunately, the breach took place through a third party vendor, Equifax W-2 eXpress site.

Three parties are involved in and affected by this breach: Kroger, Equifax, and Kroger’s current and past employees. All the facts are not yet in, but we know enough at this point to explore the details of what happened, as well as what each party (and others like them) could do in the future to make breaches like this far less likely to happen—and less damaging when they do.

Kroger hired Equifax to provide its convenient, electronic W-2 system to Kroger employees. In its email to employees, the retail giant acknowledges that Equifax’s W-2 eXpress site uses default login information based on SSNs and dates of birth (according to Krebs on Security, only the four-digit birth year is needed). As this breach and others like it have shown, SSNs and birth information are relatively easy for criminals to acquire.

To read the full article, click here.

Tags:  breach response, Data Breach, data breach notification, data breach prevention

Del.icio.us

Facebook

TweetThis

Digg

StumbleUpon

Comments:  0 (Zero), Be the first to leave a reply!

You might be interested in this:  

•  Data Breach Exposes 42 Million Plaintext Passwords - Really?
•  Data Breach gets schooled
•  Ponemon Releases Sixth Annual Study on Healthcare Data Breaches
•  Financial Management of Cyber Risk
•  Who Owns Your Electronic Health Record?

---

Copyright © Data Breach Watch [The Aftermath of the Kroger/Equifax W-2 Breach], All Right Reserved. 2016.

The post The Aftermath of the Kroger/Equifax W-2 Breach appeared first on Data Breach Watch.

from Data Breach Watch http://ift.tt/23eUWqL