US Subsidiary of Teleperformance Discloses Data Breach
Table of Contents
- By Steven
- Published: Dec 12, 2022
- Last Updated: Nov 23, 2023
Unethical, or black hat, hackers have very little qualms against who they'll hack. Often, they'll go with either the easiest target or the most rewarding one, as most criminals do. When we think about the best targets for a hacker, we often think of banks or hospitals. Both house massive PII (personally identifying information) files, making the extra time spent finding a way into the system worth the ultimate reward: thousands, if not millions, of dollars.
However, there are many other places from which a hacker can access a plethora of PII. These include schools, massive companies, and credit bureaus, among others. We’ve even seen government sites get hacked some weeks before the 2022 mid-terms. A telecom service provider would have access to several companies’ information, as well as all of its employee files. With Teleperformance being an international company, it is somewhat surprising that the only data accessed came from the US Subsidiary.
How Did the Attack Occur?
“On November 4, 2022, we detected that an unauthorized third party gained remote access to a portion of TPUSA’s network,” said TPUSA’s notification letter. Remote access insinuates a skilled hacker that managed to breach the company’s firewall and other security measures, or, more likely, a phishing scam, in which the hacker accessed an employee’s login information.
What Information Was Viewed or Stolen?
Concerning accessed data, the company got off way safer than others have. The hacker accessed only social security numbers, addresses, and names. We acknowledge that this is incredibly dangerous for everyone involved, but the consequences of the data breach could have been far worse. Many data incidents have included information like financial information, passports, driver's license numbers, and diplomas, which are some of the highest-selling data on the dark web. Social security numbers sell for surprisingly little, with an average cost of just one dollar.
How Did TPUSA Admit to the Breach?
TPUSA sent notification letters to all affected parties, describing the incident in detail. The letters explained the investigation process and stated, “We have also notified law enforcement of this incident but have not delayed notification as a result of any law enforcement investigation.”
What Will Become of the Stolen Information?
The hacker will most likely sell the information. They stand to make thousands, if not millions, from this hack, making them very likely to sell the data once they feel the monitoring of this data decreases. “As of the time of writing, we have no information suggesting that your personal information has been misused as a result of this incident,” the notification read. “Targeted online monitoring commissioned by Teleperformance has not revealed any publication, sale or other exploitation of your personal information.”
What Should Affected Parties Do Following the Breach?
If you or a loved one were affected by the breach, you’re in luck (kind of). Having your PII in a bad actor’s hands is awful, especially if they decide to sell it, but you can help protect yourself and your loved ones for the foreseeable future. No system is foolproof, but you can create one to help make it more difficult for hackers to access your devices and data. On top of that, TPUSA is offering 24 months of free credit monitoring from Experian, one of the three major credit bureaus.