Payroll Processor Breached Twice in One Month
PayChoice Warns Business Clients of Network Breaches, Potential FraudPayChoice, based in Moorestown, NJ, had to take its Online Employer site offline last Thursday for a short time after the latest security breach was discovered. While the exact cause of the breach was not revealed, the company says it has taken new precautions.
"PayChoice deployed additional security measures to protect client data after the company identified a key mechanism used by online attackers," says CEO Robert Digby. PayChoice's Online Employer site was briefly taken offline after the company discovered the breach, which occurred on Oct. 14. Digby says PayChoice has reopened the site with most functionality after protecting against the methods used in the attack.
The payroll processing company, which boasts more than 125,000 business clients, warned its customers by letter about the new breach after some clients reported "phantom" employees showing up on their payrolls.
The message to PayChoice customers indicated that the hackers may have stolen customer login IDs and passwords by going through a hole in security on the website feature that helps customers change their password. PayChoice says it turned off the change-password feature to fix the vulnerability.
This breach follows one in late September, when hackers were able to steal account information of firms using its online payroll service. On Sept. 28, PayChoice sent emails to customers that said the hackers had stolen email addresses, as well as login IDs, and at minimum some passwords for account holders of the OnlineEmployer.com website.
"The company became aware of the attack on September 23, when it saw what appeared to be phishing emails telling clients they should download a browser plug-in to continue using their online accounts," says a statement from Digby. "The emails included client user names and partial passwords, which indicated a breach of PayChoice's Online Employer website."
The hackers then used this information to launch a phishing attack, targeting emails to customers to trick them into giving up their passwords. The email instructed the customers to download a plug-in to continue to use the PayChoice OnlineEmployer.com website. The plug-in was actually a Trojan designed to steal passwords.
After the first breach, PayChoice hired two top forensic experts to determine how the hackers got into the company's site. PayChoice says it also immediately notified the authorities and is working with federal law enforcement to find those responsible for the breach. "The majority of PayChoice's clients, those using telephone, fax or other non-Web-based input methods, were not impacted," Digby says.