NOTICE: If you received a NOTICE OF DATA BREACH letter from Sequoia Benefits & Insurance Services, contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.
On or about December 7, 2022, Sequoia Benefits & Insurance Services, LLC (“Sequoia”) sent a Notice of Data Breach Letter (“Breach Letter”) to its customers, corporate, and individuals, informing them that their personally identifiable information (“PII”) was exposed through an “unauthorized party” that “may have accessed a cloud storage system” (“data breach”).
According to the Breach Letter, hackers first gained access to Sequoia’s systems between September 22, 2022 and October 6, 2022. The PII stolen by the hackers included, but was not limited to, name, Social Security numbers, address, date of birth, gender, marital status, employment status, work email addresses, member ID’s, wage data for benefits, attachments (if any) you may have provided for advocate services, ID Cards, COVID test results or a vaccine card you may have uploaded.
Although Sequoia states it learned of the data breach only “recently,” it still waited months to provide actual notice to victims despite knowing that hackers accessed its cloud storage system and accessed sensitive PII. In the Breach Letter regarding Sequoia’s forensic review, it informed victims it found “no evidence of data being used or distributed” at that time. This means the forensic review examined the company’s information systems to determine the scope of the intrusion and what data was taken but typically does not determine whether the hackers have misused or distributed the data.
Sequoia is a large human resources and payroll software company headquartered at 1850 Gateway Drive, Suite 700, San Mateo, California 94404. Sequoia One PEO provides outsourced human resources, benefits management and payroll services to hundreds of venture-backed companies. Sequoia states it has over 1,700 corporate clients and over 200 international clients – meaning it stores sensitive personal information on millions of employees and their family members. Last year it realized approximately $184 million in revenue.
Currently, Sequoia has declined to state the date it actually discovered the hack or divulge how many individuals or corporate clients were impacted. If you received a Breach Letter from Sequoia, you were impacted by the data breach. Contact us now!
For this breach, Sequoia has offered data breach victims 36 months of Experian Identity Works credit and identity monitoring, but the deadline for victims to enroll may be a short window.
According to Sequoia, the following information was exposed:
This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.
The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).