Payroll Processor Breached Twice in One Month

PayChoice Warns Business Clients of Network Breaches, Potential Fraud
Payroll Processor Breached Twice in One Month
For the second time in less than a month, New Jersey-based payroll processor PayChoice has alerted customers to a network breach.

PayChoice, based in Moorestown, NJ, had to take its Online Employer site offline last Thursday for a short time after the latest security breach was discovered. While the exact cause of the breach was not revealed, the company says it has taken new precautions.

"PayChoice deployed additional security measures to protect client data after the company identified a key mechanism used by online attackers," says CEO Robert Digby. PayChoice's Online Employer site was briefly taken offline after the company discovered the breach, which occurred on Oct. 14. Digby says PayChoice has reopened the site with most functionality after protecting against the methods used in the attack.

The payroll processing company, which boasts more than 125,000 business clients, warned its customers by letter about the new breach after some clients reported "phantom" employees showing up on their payrolls.

The message to PayChoice customers indicated that the hackers may have stolen customer login IDs and passwords by going through a hole in security on the website feature that helps customers change their password. PayChoice says it turned off the change-password feature to fix the vulnerability.

This breach follows one in late September, when hackers were able to steal account information of firms using its online payroll service. On Sept. 28, PayChoice sent emails to customers that said the hackers had stolen email addresses, as well as login IDs, and at minimum some passwords for account holders of the website.

"The company became aware of the attack on September 23, when it saw what appeared to be phishing emails telling clients they should download a browser plug-in to continue using their online accounts," says a statement from Digby. "The emails included client user names and partial passwords, which indicated a breach of PayChoice's Online Employer website."

The hackers then used this information to launch a phishing attack, targeting emails to customers to trick them into giving up their passwords. The email instructed the customers to download a plug-in to continue to use the PayChoice website. The plug-in was actually a Trojan designed to steal passwords.

After the first breach, PayChoice hired two top forensic experts to determine how the hackers got into the company's site. PayChoice says it also immediately notified the authorities and is working with federal law enforcement to find those responsible for the breach. "The majority of PayChoice's clients, those using telephone, fax or other non-Web-based input methods, were not impacted," Digby says.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.