[ISN] PayChoice Suffers Another Data Breach

From: InfoSec News <alerts_at_private>
Date: Mon, 19 Oct 2009 01:46:17 -0500 (CDT)
http://voices.washingtonpost.com/securityfix/2009/10/paychoice_suffers_another_data.html

By Brian Krebs 
Security Fix
The Washington Post
October 15, 2009

Payroll services provider PayChoice took its Web-based service offline 
for the second time in a month on Wednesday in response to yet another 
data breach caused by hackers.

Moorestown, N.J.-based PayChoice provides direct payroll processing 
services and licenses its online employee payroll management product to 
at least 240 other payroll processing firms, serving 125,000 
organizations. On Thursday morning, the company sent a notice to its 
customers saying it had once again closed onlineemployer.com -- the 
portal for PayChoice's online payroll service -- this time after some 
clients began noticing bogus employees being added to their payroll.

"After investigation, we determined that valid user credentials for an 
Online Employer user were used in an unauthorized manner to add these 
fictitious employees in an attempt to have payments made to fraudulent 
bank accounts," the company said in an e-mail alert to its clients 
sent Thursday.

This week's attack appears to be the second stage of a sophisticated 
cyber assault launched last month against PayChoice customers. In that 
attack, hackers broke into the company's servers and stole customer user 
names and passwords. The attackers then included that information in 
e-mails to PayChoice's customers warning them that they needed to 
download a Web browser plug-in in order to maintain uninterrupted access 
to onlineemployer.com. The supposed plug-in offered in that e-mail was 
instead malicious software designed to steal the victim's user names and 
passwords.

[...]


Received on Sun Oct 18 2009 - 23:46:17 PDT
