Entertainment Payroll Firm Breached

Actors' Personal Details May Have Been Exposed
Entertainment Payroll Firm Breached

ART Payroll, which serves the entertainment, advertising, and events production industries, is notifying an undisclosed number of individuals of a data breach that may have compromised sensitive information, including Social Security numbers.

See Also: Why Active Directory (AD) Protection Matters

The Screen Actors Guild-American Federation of Television and Radio Artists, an American labor union that represents more than 165,000 actors and other performers, issued a statement on its website, saying some of its members have received a notice from ART Payroll regarding the breach.

"We are working with ART Payroll to ensure all proper steps are taken to mitigate this data security breach," SAG-AFTRA says.

The payroll company says it detected an unauthorized login to its Web application on Oct. 18, according to its breach notification letter sent on Nov. 26. During a two-hour period, the cyber-attackers had access to a database that contained personally identifiable information, the company reports.

"We don't have strong evidence that the [intruders] took information," says Chris DiIenno, a partner at the law firm Lewis Brisbois Bisgaard and Smith, which represents ART Payroll. "But they had access. We don't know what they saw conclusively, so we're notifying all of our clients in the database."

DiIenno declined to provide the number of individuals who may have been impacted.

Information that may have been compromised includes names, Social Security numbers, addresses and ART account numbers. For a subset of the database, some individuals may have had their bank account information, date of birth, e-mail address, ART account user ID and password, and telephone number exposed, DiIenno says.

Breach Investigation

After detecting the intrusion, ART Payroll launched an investigation and hired outside forensics experts to confirm whether employee information may have been exposed. On Nov. 10, experts determined that information may have been accessed by the cyber-attackers, the company.

"While our investigation is ongoing, it is possible that none of your information was accessed or taken," ART Payroll says in its notification letter. "We are unaware of any actual or attempted misuse of your information, but we are providing notice of this incident to you out of an abundance of caution."

ART Payroll says it has analyzed its systems and processes and implemented additional measures to secure individuals' personal information. Affected individuals are being offered free credit monitoring and identity restoration services.

The incident follows the widely reported Sony Pictures Entertainment hack, where a group calling itself Guardians of Peace allegedly stole tens of terabytes of data, including sensitive internal documents listing all employees' salaries, before apparently wiping Sony hard drives and network drives (see: Sony Hack: 'Destover' Malware Identified).

DiIenno says the breach at APT Payroll does not appear to be connected to the Sony Pictures incident.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.