ComplyRight, registered and hosted at ComplyRight.com, was a victim of a criminal cyberattack that occurred on May 22nd, 2018. Specifics as to how ComplyRight was breached were just recently published on July 18th, 2018, which we will discuss in more detail below. To learn more about ComplyRight and whether or not your personal and financial information are at risk, we invite you to continue reading onward.
What is ComplyRight?
ComplyRight is a relatively popular company that specializes in providing employers with affordable solutions to better manage and navigate their businesses while still doing right for their employees. Among some of the services offered would be assistance with hiring to training protocols, accurately conducting time logs and record keeping, along with complying with labor law posting and tax information reporting.
In other words, ComplyRight provides corporate services to help employers prioritize and reduce the overall burden of spearheading a company. In addition to rendering valuable corporate services, ComplyRight is well-known for providing companies with workplace safety and performance management guides.
Corporate Insight
ComplyRight.com is operated by ComplyRight, Inc. According to the Better Business Bureau, ComplyRight has been in business for over 30 years, is BBB accredited and reflects an A+ rating. Further research will go on to reveal that Taylor Corp is the active parent company of ComplyRight, Inc.
As far as research suggests, there is no evidence to support the possibility of ComplyRight being a scam. If anything, their security breach was nothing short of a premeditated assault to gather intel regarding sensitive employer and employee information.
How was ComplyRight Breached?
Just a week ago, ComplyRight rendered an incident notice as to our their platform was breached. Among part of their incident notice would be the following explanation, “The forensic investigators concluded that there was unauthorized access to our website resulting in compromise of personal information for some individual recipients of tax forms such as 1099 or W-2 forms. Although the forensic investigation determined the information was accessed and/or viewed, the investigators were unable to confirm whether the information was downloaded or otherwise acquired by the unauthorized user. And at this time, we are not aware of any reports of identity fraud as a direct result of this incident.”
According to their report, less than 10% of individuals who utilized ComplyRight to manage tax forms were affected by their data breach. Among some of the information confirmed to be breached would be names, addresses, telephone numbers, Social Security numbers and email addresses submitted by individual tax form recipients.
It should be noted that after their investigation, forensic investigators concluded that no breach to credit card or banking information were found. While this does provide some reassurance for some of those affected, it is still estimated that approximately 662,000 were affected by this data breach.
How ComplyRight is Addressing the Breach
ComplyRight notified law enforcement shortly after the discovery of the breach of their site. In addition, ComplyRight notified the IRS, regulators including state Offices of Attorney General. For those who were affected, ComplyRight is also providing 12 months of free credit monitoring and identity theft protection services through TransUnion.
While ComplyRight was supposedly engineered with top-of-the-line security recommended by the government, ComplyRight has assured those affected that every measure deemed necessary is being employed to ensure this would not happen again.
To Those Directly Affected
Those who were reported to be directly affected by the incidental breach of ComplyRight should have received a letter shortly after the breach was discovered in May. If you feel like your information may have been jeopardized but are unsure, you can contact ComplyRight at contact@complyright.com or by calling (954) 970-5500.
Furthermore, for those who have received a letter from ComplyRight, you are eligible to file Form 14039, an identity theft affidavit with the Internal Revenue Service. For those of you who decide to file Form 14039, you are requesting the IRS to send you what is known as an IP PIN, which is a special code only sent one time by the IRS that must be submitted when filing taxes.
The reason why you should file Form 14039 with the IRS would be to help prevent any misuse of your personal information that may have been breached at ComplyRight. Those who are responsible for the breach could file taxes with your stolen information therefore stealing your tax refunds, which sadly has become increasingly common over the past few years.
ComplyRight Review Conclusion
ComplyRight has rendered a number of valuable corporate services to employers across the United States for the past 3 decades. While we never like to hear of security breaches like the ones suffered at complyright.com, these sort of cyber breaches are becoming increasing more common while we continue to advance further into the digital age.