P2018-ND-128

Universal Rail Systems

During a routine payroll systems upgrade, a new system folder provided by a third party vendor was installed by the Organization?s IT department. The system generates automatic emails to employees with their T4s. The Organization tested the system before releasing T4s. However, after releasing the first department?s T4s, the payroll department reviewed a sampling of emails and discovered that each employee received only one T4 statement instead of two duplicates, and every second employee received a copy of the previous employee?s T4 statement. The emails sent in error were in employee inboxes for approximately 30 minutes. Employees were instructed to immediately and permanently delete the previous T4 emails. The Organization discovered that that the folder with the new tax table installed had back-end system coding that changed options for payroll to select when releasing the T4s. The incident occurred on February 2, 2018 and was discovered the same day.

File Type: pdf
Categories: 2018
Tags: Unauthorized disclosure