On December 8, 2022, news outlets began reporting on a data breach at Sequoia, the large human resources and payroll software company. Evidently, Sequoia recently provided notice of a data breach to individuals affected by a recent data security incident that exposed their sensitive information. While Sequoia has not yet filed official notice of the breach, based on preliminary reports, the affected cloud storage repository contained the following customer information: names, addresses, dates of birth, Social Security numbers, work email addresses, wage data, member IDs, Covid-19 test results, and vaccine card images. After confirming that consumer data was leaked, Sequoia began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach letter from Sequoia or Sequoia One, it is essential you understand what is at risk and what you can do about it. The fact that you did not directly provide your information to Sequoia does not impact the company’s obligation to keep your information secure. However, it also doesn’t change the fact that, as a result of the Sequoia breach, you are now at an increased risk of identity theft and other frauds. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Sequoia data breach, please see our recent piece on the topic here.
What We Know About the Sequoia Data Breach
The available information regarding the Sequoia breach comes from a recent WIRED report. According to this source, recently, Sequoia learned of a potential data security incident related to unauthorized access to a cloud storage repository that contained information related to the company’s Sequoia One customers. In response, the company secured its network and then began working with a third-party data security firm to determine the nature and extent of the incident, as well as what consumer data may have been leaked.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Sequoia began to review the affected files to determine what information was compromised and which consumers were impacted. This process is apparently still underway; however, WIRED reports that the compromised data includes the following consumer information: names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, and member IDs as well as any other ID cards, Covid-19 test results, and vaccine cards.
Recently, Sequoia sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. There is not yet any indication how many people were affected by the Sequoia One data breach
Sequoia One is a professional employer organization (“PEO”) based in San Francisco, California. As a PEO, Sequoia One provides outsourced HR, benefits, and payroll services, allowing small and growing businesses to focus on growth. Sequoia One is one of several products offered by Sequoia, the large human resources software company based in San Mateo, California. Sequoia employs more than 877 people and generates approximately $184 million in annual revenue.
