Hackers forced payroll processor PayChoice to shut down its online portal again Wednesday, for the second time so far this month. The data breach came to light when PayChoice customers reported fake employees being added to their payroll rosters.

PayChoice is one of the largest payroll processors in the United States. They lease their payroll management product to more than 240 other payroll processors and serve more than 125,000 organizations. There are approximately 20 branch locations in the U.S. serving small and mid-market companies.

Clients received an email alert from the firm Thursday that said an investigation determined valid credentials were used in an unauthorized manner. PayChoice believes the bogus employees were added in order to have paychecks sent to fraudulent bank accounts.

This most recent attack seems to be the follow up to last month’s data breach in which hackers stole customers’ user names and passwords from PayChoice servers. Soon after, customers received emails advising them to download a plug-in to continue their access to the PayChoice portal. Customers who followed those instructions were infected with malicious software designed to steal user names and passwords.

The hackers apparently planned this latest maneuver to coincide with a large payroll processors conference in Utah. Many PayChoice employees and those of their licensees are attending the conference so all operation are being conducted by a diminished staff, according to Steve Friedl, a security expert who works as a consultant for Evolution payroll, a PayChoice competitor.

Tags: data breach, hacked, hackers, hacking, identity theft, PayChoice

This entry was posted on Friday, October 23rd, 2009 at 2:35 pm and is filed under data breach. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.