The ‘American Payroll Association’ Suffered a Catastrophic Data Breach
Last updated September 17, 2021
- A large American association responsible for processing company payrolls has had a skimmer infection.
- The malicious skimmers ran on two locations, stealing user credentials and credit card details.
- Actors may have accessed a large set of personal information of APA members, including names and addresses.
The Californian data protection office has published a sample notice from the ‘American Payroll Association’ (APA), detailing a data breach that was discovered on July 13, 2020. Unfortunately, the hackers behind the security incident managed to access and steal sensitive personal information, so the affected individuals are now notified via email and warned to take protective actions.
According to the details shared in the letter, APA had a credit card skimmer installed on both its login web page and its online store's checkout section, so essentially the hackers stole credit card details and information entered onto the website’s forms.
More specifically, the following information should be considered compromised:
- Login information (i.e., username and password)
- Individual payment card information (i.e., credit card information and associated data).
- First and Last Names
- Email Address
- Job Title and Job Role
- Primary Job Function and to whom you “Report”
- Gender
- Date of Birth
- Address (either business and/or personal), including country, province or state, city, and postal code
- Company name and size
- Employee Industry
- Payroll Software used at Workplace
- Time and Attendance software used at work
- Also, some accounts include profile photos and social media username information
The skimmer got to steal the account credentials and the payment card information, but the hackers may have accessed the rest of the data through direct account access. So, the above is not definitive nor confirmed, but it’s a grave possibility.
The affected individuals are advised to reset their passwords on the platform immediately. Besides that, everyone is recommended to review their financial reports and credit card statements carefully. If they see anything suspicious, they should report it to the bank issuer or police immediately.
As is the standard practice in these cases, APA is also supporting the exposed individuals with 12 months of free credit monitoring and identity theft services by Equifax. You have until October 31, 2020, to claim this, but you should by no means, wait until then.
APA hasn’t clarified the number of people who may have been compromised by this incident, but the organization’s IT team stated that the skimmers must have been active on the website since May 13, 2020. So, if you have entered any details on APA’s website between May 13 and July 13, 2020, you should contact the organization by sending an email to “[email protected]” and they will address your concerns and questions.
Read More:
- Unprotected Server Contains Sensitive Data From Various Firms
- North Korean Hackers Planted Card Skimmers on Shopping Websites
- Someone Has Shared Online 20GB of Confidential Info Belonging to Intel
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular