Automatic Data Processing said it has identified a phishing scam targeted at ADP clients and others.
The payroll processor said an attack had been made on a third-party business contact information system that ADP uses to hold client and other third-party information, including names, addresses, e-mail addresses and other company information.
ADP said the compromised information did not include Social Security numbers, bank account numbers, passwords or human resources data. The company emphasized that its own systems had not been attacked or compromised.
The scammers used the stolen e-mail contact information to send fake e-mail messages to ADP clients and others with a "from" address that had been spoofed to look like a valid ADP e-mail address. ADP believes the messages were sent with the intention of compromising the data of the recipients.
ADP said it was notifying all of its clients and other parties whose e-mail addresses were maintained in the database.
