News, Info and More…
Who and what is ADP?
Automatic Data Processing, Inc., commonly known as ADP, is an American provider of human resources management software and services. As of 2010, ADP was one of four American companies to have a AAA credit rating from Standard & Poor’s (S&P) and Moody’s.
How does ADP make their money?
We pay roughly 1 in 6 working Americans. That’s over 26,000,000.
ADP makes money by holding the employer and employee taxes.
The ADP whistleblower, fired for standing up to illegal business practices at the payroll giant, launched ADPFraud.com, a website documenting the federal crimes he reported to the SEC and FINRA.
Posts from the new site are being shared across social media by thousands of angry ADP customers and employees, expressing their dissatisfaction with the company, and uniting around his message.
The first memo shared by the whistleblower — former top ADP national salesman David M. Schwartz — received more than 11,000 views by going viral on LinkedIn.
The social media campaign is directing angry customers to memos at ADPFraud.com about each area where ADP has ripped off customers or wronged employees.
Visitors can also join a database to document their grievances and to classify all the claims into 10 major categories.
On Twitter, @ADPFraud is going down the timeline to capture the thousands of angry comments posted there since 2009, plus retweeting up to a dozen new complaints that ADP receives each day.
Bless the heart of the ADP employee who has to answer this barrage of angry complaints and demands for better customer service. (There are also many web designers who chime in at @ADP to squawk about how badly its websites and apps are designed, as its paystubs can only be seen by using an old version of Internet Explorer.)
At an average of three complaints per day (and some days, it’s a dozen), that’s 10,000 posts against ADP made publicly by members of the social network, and each of those members is being invited to visit the website.
The hashtags #adpsucks or #adpfail and fun search strings “ADP and ‘the worst’” make identifying the class easy.
The Twitter campaign is highlighting verified “blue check” CEOs and celebrities griping about ADP’s bad customer service and infamously long wait lines, plus sharing articles about the whistleblower’s legal case against ADP.
HR giant ADP, which provides payroll, tax and benefits administration for more than 640,000 companies, was hit hard by identity thieves this week. The perps made off with tax and salary data, according to a report from Brian Krebs—although the actual number of people affected has yet to be revealed.
The incident illustrates an increasingly sophisticated population of identity thieves who use complex, multi-stage attack vectors to get what they want.
Krebs explained that to access the information, the thieves used employee names from multiple firms to register accounts on an ADP external-facing web portal that employees can use to view their payroll information, including W-2s.
ADP Chief Security Officer Roland Cloutier explained that to create an account, users need to sign up using their name, social security number and date of birth—pretty basic information that can be easily lifted by skilled hackers. But to activate the account, users need a specific link and company code. The victim companies were the ones that published their signup link and code somewhere publicly accessible.
“We viewed the code as an identification code, not as an authentication code, and we posted it to a Web site for the convenience of our employees so they could access their W-2 information,” said Dana Ripley, a spokesperson for one of the unfortunate victims, U.S. Bank. “We have discontinued that practice.”
Jennie Carlson, executive vice president of human resources at U.S. Bank, penned a letter to “a small population” of affected employees explaining the situation:
“Since April 19, 2016, we have been actively investigating a security incident with our W-2 provider, ADP…The incident originated because ADP offered an external online portal that has been exploited. For individuals who had never used the external portal, a registration had never been established. Criminals were able to take advantage of that situation to use confidential personal information from other sources to establish a registration in your name at ADP. Once the fraudulent registration was established, they were able to view or download your W-2.”
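The difference between an identification code and an authentication code, as an added sketch (not ADP's code and not part of the original article). `weak_register` models the registration flow as described above; the per-employee enrollment token is a hypothetical mitigation, and every name, code and sample value is constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: not real people, codes or ADP values.
COMPANY_CODE = "EXAMPLE-1234"  # one value shared by all staff and posted publicly
EMPLOYEES = {"e100": ("Pat Doe", "000-00-0001", "1980-01-01")}  # name, SSN, DOB
TOKEN_TTL = 7 * 24 * 3600  # assumed enrollment window, in seconds


def find_employee(name, ssn, dob):
    """Identification only: map claimed identifiers to a payroll record."""
    matches = [e for e, rec in EMPLOYEES.items() if rec == (name, ssn, dob)]
    return matches[0] if matches else None


def weak_register(name, ssn, dob, company_code, registered):
    """Flow as the article describes it: identifiers plus the shared code."""
    emp_id = find_employee(name, ssn, dob)
    if emp_id is None or company_code != COMPANY_CODE or emp_id in registered:
        return False
    registered.add(emp_id)  # first claimant takes the unclaimed account
    return True


def issue_token(pending, emp_id, now):
    """Hypothetical mitigation: per-employee secret, delivered out of band."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    pending[emp_id] = (digest, now + TOKEN_TTL)  # store only the hash
    return token


def hardened_register(name, ssn, dob, token, now, pending, registered):
    """Identifiers select the record; the unexpired token authenticates."""
    emp_id = find_employee(name, ssn, dob)
    if emp_id is None or emp_id in registered:
        return False
    digest, expiry = pending.get(emp_id, (b"", 0.0))
    offered = hashlib.sha256(token.encode()).digest()
    if now > expiry or not hmac.compare_digest(digest, offered):
        return False
    del pending[emp_id]  # single use, consumed only on success
    registered.add(emp_id)
    return True
```

In the weak flow every input is either static personal data or a value common to the whole company, so nothing in it is known only to the employee. The token flow adds a secret that is unique per person, expires, and is consumed on first successful use.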
The personal information needed to open the account was not stolen from ADP, Cloutier stressed. But the tactic is an increasingly prevalent one, according to Carl Wright, EVP and general manager of TrapX Security.
“The attack on ADP by cyber thieves is an example of an increasingly sophisticated hack called a FlowJack,” he said via email. “Hackers can penetrate an organization and gain an understanding of the internal workflow and the necessary credentials to hijack target assets. This interception of critical workflow, or FlowJack, enables hackers to steal important data and then intercept and divert the flow of money—in this case, citizens’ tax refunds.”
Adam Levin, chairman and founder of IDT911, told Infosecurity that while ADP isn’t saying much about who the victims are, the overall number of people affected is likely to be significant.
“As ADP works with more than 640,000 companies, this may only be the tip of the iceberg,” he said. “W-2 data is a hot commodity for identity thieves because it contains the type of sensitive personal information necessary to file fraudulent federal and state tax returns for the purpose of securing tax refunds in the names of victims. This puts a huge bullseye on payroll and human resource companies like ADP that handle such a goldmine of personally identifiable information.”
This site was created to help victims of ADP’s crimes and warn others. Join other victims of fraud; together we will fight back! Contact us if you have been wronged by ADP Payroll Services, Retirement Services, Total Source Division, Tax Fraud, Social Security Fraud, Undisclosed and Excessive Fees, Unauthorized Charges, ADP Partner Programs, FLSA violations and ADP Employee Victims.