Data Breach: PayChoice hackers attack again
Friday, October 23rd, 2009
Hackers forced payroll processor PayChoice to shut down its online portal again Wednesday, for the second time so far this month. The data breach came to light when PayChoice customers reported fake employees being added to their payroll rosters.
PayChoice is one of the largest payroll processors in the United States. They lease their payroll management product to more than 240 other payroll processors and serve more than 125,000 organizations. There are approximately 20 branch locations in the U.S. serving small and mid-market companies.
Clients received an email alert from the firm Thursday that said an investigation determined valid credentials were used in an unauthorized manner. PayChoice believes the bogus employees were added in order to have paychecks sent to fraudulent bank accounts.
This most recent attack seems to be the follow up to last month’s data breach in which hackers stole customers’ user names and passwords from PayChoice servers. Soon after, customers received emails advising them to download a plug-in to continue their access to the PayChoice portal. Customers who followed those instructions were infected with malicious software designed to steal user names and passwords.
The hackers apparently planned this latest maneuver to coincide with a large payroll processors conference in Utah. Many PayChoice employees and those of their licensees are attending the conference so all operation are being conducted by a diminished staff, according to Steve Friedl, a security expert who works as a consultant for Evolution payroll, a PayChoice competitor.