Automatic Data Processing (ADP) Data Breach (2013)

On August 9, McKesson notified the New Hampshire Attorney Generals Office that it was sending out notifications to some of their employees that their names, Social Security numbers, and gross wages may have been embedded in PDF tax statement files of other employees prepared by ADP for the firm. The problem, caused by a coding error, existed between 2010 and 2012, but only affected those who viewed their tax statement inlines and then downloaded and printed a copy of the pdf file. The coding error was detected on April 29 and remedied on May 4. According to McKessons explanation of the problem, it does not sound like people would readily spot other employees embedded information, but ADP has offered those affected a free year of credit monitoring. The San Francisco-based McKesson distributes pharmaceuticals at a wholesale level and provides health information technology, medical supplies, and care management tools. No patient information was involved in this breach, and McKesson does not indicate when it was first notified by ADP. Letters to affected McKesson employees from ADP began going out on July 29.