Entertainment Payroll Firm BreachedActors' Personal Details May Have Been Exposed
ART Payroll, which serves the entertainment, advertising, and events production industries, is notifying an undisclosed number of individuals of a data breach that may have compromised sensitive information, including Social Security numbers.
The Screen Actors Guild-American Federation of Television and Radio Artists, an American labor union that represents more than 165,000 actors and other performers, issued a statement on its website, saying some of its members have received a notice from ART Payroll regarding the breach.
"We are working with ART Payroll to ensure all proper steps are taken to mitigate this data security breach," SAG-AFTRA says.
The payroll company says it detected an unauthorized login to its Web application on Oct. 18, according to its breach notification letter sent on Nov. 26. During a two-hour period, the cyber-attackers had access to a database that contained personally identifiable information, the company reports.
"We don't have strong evidence that the [intruders] took information," says Chris DiIenno, a partner at the law firm Lewis Brisbois Bisgaard and Smith, which represents ART Payroll. "But they had access. We don't know what they saw conclusively, so we're notifying all of our clients in the database."
DiIenno declined to provide the number of individuals who may have been impacted.
Information that may have been compromised includes names, Social Security numbers, addresses and ART account numbers. For a subset of the database, some individuals may have had their bank account information, date of birth, e-mail address, ART account user ID and password, and telephone number exposed, DiIenno says.
After detecting the intrusion, ART Payroll launched an investigation and hired outside forensics experts to confirm whether employee information may have been exposed. On Nov. 10, experts determined that information may have been accessed by the cyber-attackers, the company.
"While our investigation is ongoing, it is possible that none of your information was accessed or taken," ART Payroll says in its notification letter. "We are unaware of any actual or attempted misuse of your information, but we are providing notice of this incident to you out of an abundance of caution."
ART Payroll says it has analyzed its systems and processes and implemented additional measures to secure individuals' personal information. Affected individuals are being offered free credit monitoring and identity restoration services.
The incident follows the widely reported Sony Pictures Entertainment hack, where a group calling itself Guardians of Peace allegedly stole tens of terabytes of data, including sensitive internal documents listing all employees' salaries, before apparently wiping Sony hard drives and network drives (see: Sony Hack: 'Destover' Malware Identified).
DiIenno says the breach at APT Payroll does not appear to be connected to the Sony Pictures incident.