Workstream Technologies Inc. recently notified its customers about a potential data breach involving personal information, which was caused by a software update error from their vendor, Dropbox. On August 16, 2024, Workstream discovered that a bug in a Dropbox update allowed certain documents signed through the platform to be potentially accessible to human resources departments at other Workstream customers between August 8 and 16. Although the company’s investigation could not confirm whether personal information was accessed or acquired, they chose to inform affected individuals as a precautionary measure.
The information potentially impacted by the breach includes personal data submitted during employee onboarding or application processes. In response, Workstream took immediate action by limiting access to the affected documents while Dropbox worked to address and resolve the issue. By August 23, Dropbox had identified the root cause of the bug and corrected it across all affected versions of their service. The investigation into the incident continues as Workstream collaborates with Dropbox to enhance security and prevent future breaches.
Despite the uncertainty surrounding the actual access or misuse of the data, Workstream is offering affected individuals 24 months of free credit monitoring and identity theft restoration services through Equifax. However, individuals must actively enroll in these services, as Workstream cannot do so on their behalf. The company has provided clear instructions for enrollment, and individuals are encouraged to take advantage of the service to protect their information during this time.
Additionally, Workstream advises individuals to remain vigilant for any signs of identity theft or fraud. Customers are urged to review their financial account statements for suspicious activity and report any fraudulent transactions to their bank, the relevant authorities, and the Federal Trade Commission (FTC). If necessary, individuals can also file a police report to document any identity theft incidents related to this breach.
Reference:
