Slashdot Mirror
ADP Experiences Security Breach
wiredmikey writes "HR and Payroll outsourcing giant Automatic Data Processing, Inc. (ADP) experienced a system intrusion, the company announced Wednesday. ADP said it was investigating and taking measures to address the impact of a system intrusion that occurred with a client at Workscape, a benefits administration provider that ADP acquired in August 2010. ADP has also been actively cooperating with law enforcement to determine the cause of this incident and to assist authorities in identifying and apprehending those responsible. ADP added the following in a statement: 'Because this incident is the subject of an ongoing law enforcement investigation, ADP cannot disclose any additional details at this time. ADP will provide further updates once information that can be made public becomes available, and we will continue to communicate with all affected parties as appropriate.'"
The article makes grand mention of ADP, but the the affected systems are far less significant than if it were ADP itself. I don't know what ADP's services are like now, but I recall a time when my accounting people required MSIE and ActiveX controls to access ADP's services. That alone made me worry extensively about ADP's notion of security. But reading the article, I see that it's something else entirely.
The compromise was at Workscape which I imagine had not integrated its network with ADPs larger network. The organization appears not to have much to do with payroll or money services at all.
I thought this would be a good idea at first, until I realized that most of the companies still on the whitelist would just become targets....and just because they haven't gotten hacked yet, doesn't mean they have good security measures.... Frankly, I think companies who have gotten hacked would be better alternatives considering the CEOs probably dont ever want to mess around with budget cuts when it comes to infrastructure security.... ""Looking at you, Sony"