189
You can contact them at privacy@adp.com
You’re right. One can always email privacy@adp.com if they don’t live in the state of California and are looking to waste some time and blood pressure points.
It's weird cuz when I go to the site I don't see anything like that as even an option.
I don't see any option that says "need help signing in" and you have to type in your social security number before you even get to the page that has your phone number on it? What am I missing?
ADP.com > menu > sign in > need help signing in > my current employer uses ADP
If the person does currently work with a company using ADP, it will work 100% of the time.
If the person USED to work for a company using ADP, it will work some of the time. I’m guessing it has to do with the particular ADP/subsidiary services used by the most recent employer. That’s just a guess.
I saw the need help signing in option. But after entering name and phone number, I had to enter last 4 of SSN, which I think is harder to find out
Additionally, afterwards I got an email that my user ID was requested
Same at immediately asked me for my social security number. So you would need to know my first name last name my phone number or email and my social security. I'm not sure what else they could do to protect it outside of two factor
Please speak out acronyms once. I have no idea what ADP is.
Sorry, friend! ADP stands for Automatic Data Processing. They are a leader in the Payroll & HR solutions. Its where you go to view your paycheck or update your insurance beneficiary information.
Alcoholics Doing Payroll
Well it's about time
This is generally not how one goes about disclosure.
I hear you, but in the last year I've begun wondering if full public disclosure isn't a better way to go these days.
The sheer volume of breaches is overwhelming and in my experience (of over 40 years as an ICT professional) many companies sweep their failures under the carpet, hide behind crisis management teams and marketing speak, and ridicule those bringing issues to their attention.
Their disclosure is abysmal if it's made at all and there are precious few who reveal precisely what data was exfiltrated or how the issue was remediated.
This way anyone can verify the issue and companies cannot hide, everyone sees precisely what's leaked and can act accordingly.
If you know of a more effective way, I'd love to hear it.
I hear this. Stuff this egregious they are not even trying to begin with.
Making the attempt at responsible disclosure is still more effective.
Effective for whom?
The users who's data was disclosed, or the company that made the disclosure?
Well, this leak is out there now for whoever decided to use it. And it's being publicized. That doesn't seem good for the people having their payroll data leaked.
Hey, now. Don’t go blaming the person who is calling attention to negligence of another. 5 years ago, ADP had user support service to handle login issues. But with the diminishing right to privacy in recent years, it is much more convenient for them to simply give the information away.
Seems worse for folks to not even realize their data was leaked
Seems even worse for them to know and to have malicious actors know as well. Effectively creating a zero-day is not a good thing.
Everyone involved.
Depends on how the parties behaved in the past. There are a bunch of government entities which called police on me in the past when trying to work with them about discovered issues and as result also will just get anonymous 0-day drops in public forums for future issues.
If you really regularly disclosed vulnerabilities you’d know that for entities that don’t have vulnerability disclosure programs you can always report through CISA or ENISA.
I expect the responsible person listed for some specific application to react to an email about it to fix it, and not send me police. Why would I want to jump through hoops for doing them a favour?
Same applies also if there's no easy way to send a mail to someone responsible.
Ok bro.
Same applies also if there's no easy way to send a mail to someone responsible.
Yeah I’m pressing x for doubt you’ve ever disclosed anything. You got any CVE’s to your name?
Man turned /privacy into /ULPT
I've had an ADP employer in the past and when i tried it prompted me for some additional personal info so this did not work for me.
I tried and it said I didn't finish making my account haha, glad I didn't!
Yet another reason not to have a phone number
Hmm, at least it doesn't show that I'm employed by all of them simultaneously.
this post was submitted on 28 Dec 2024
189 points (98.5% liked)
Privacy
32525 readers
110 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS