Data security FAQs
Data security threats today move fast and are increasingly sophisticated. If you have questions about how to address potential phishing scams, system vulnerabilities or fraudulent activity, the following FAQs may help. For all other questions, please contact ADP Customer Service.
Phishing or suspicious messages
How do I report suspicious messages to ADP? (ADP clients)
Do not click on any links or attachments within the message and do not respond to the sender. Forward the email as an attachment to abuse@adp.com.
I don’t know if the message is a legitimate email or a phishing attempt. Can ADP help confirm its validity?
Yes, please follow the instructions above on how to report a suspicious message and a member of your ADP client service team will assist you.
Where can I learn more about phishing?
For information on phishing awareness, please see ADP’s data security best practices.
System vulnerabilities
How do I report an ADP system vulnerability?
Email vulnerabilityreporting@ADP.com so that the ADP security team may validate and reproduce the issue. Be sure to include as many details of the suspected vulnerability as possible, including the product tested, date, account names, etc. Note that by sending an email to vulnerabilityreporting@ADP.com you confirm that you are meeting the requirements of the ADP Vulnerability Disclosure Program.
Where can I inquire about non-ADP system vulnerabilities?
If you have a question pertaining to a non-ADP system vulnerability (example: Apache Log4j), please contact your assigned ADP client service team for assistance.
Reporting fraudulent activity
How do I report a security incident/fraudulent activity?
If you suspect fraudulent activity on your account, contact your assigned ADP client service team for assistance.