HR data analytics company Zeroed-In Technologies was hacked in August this year. Three months after discovering the breach, the firm has now notified Maine’s authorities, saying that the data of nearly two million people was exposed.
The company disclosed to the Maine Attorney General that 1.977 million people were affected in a recent breach of its systems. The hackers may have obtained names, dates of birth, and Social Security numbers.
Zeroed-In Technologies, a Fort Myers, Florida-based data company, provides a cloud-based HR analytics platform for businesses. Its software helps collect, analyze, and visualize workforce data. According to the company’s website, it has 30K registered users with 2.7 million “work lives.”
Zeroed-In discovered suspicious activity related to specific network systems on August 8th, 2023. According to the notification, the investigation revealed that hackers gained unauthorized access to certain systems the day before.
“Zeroed-In immediately took steps to secure the systems and launched an investigation into the nature and scope of the activity,” the company explained.
It took the company until August 31st to complete a review of the incident. The admission to the Maine Attorney General’s office was made almost three months later, on November 27th.
In the US, no federal law sets a specific timeframe for companies to notify authorities about cyber incidents affecting personal information. Only public companies have an obligation to disclose any “material” cybersecurity incident to the Securities and Exchange Commission (SEC) within four business days.
The state of Maine requires organizations to disclose all cyberattacks affecting the state’s residents. In this incident, 7034 Maine residents were affected.
The company claims it’s “providing notice to individuals and regulators, as required.”
“Notification to impacted customers and individuals is ongoing, and Zeroed-In may supplement this notification if it is determined that a significant amount of additional Maine residents will receive notice,” it wrote.
Zeroed-In also notified federal law enforcement regarding the event, implemented additional safeguards, and its existing policies and procedures were under review.
Zeroed-In Technologies said that it was able to determine which systems were breached by the hackers, but it couldn’t confirm which specific files may have been accessed or taken. Those systems contained personal data, including names, dates of birth, and Social Security numbers.
Affected individuals will be provided with guidance on better protecting against identity theft and fraud. Zeroed-In is also offering access to 12 months of credit monitoring and fraud assistance services free of charge.
More from Cybernews:
Subscribe to our newletter