|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: InfoSec News (alerts
infosecnews.org)
Date: Mon Oct 19 2009 - 01:46:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://voices.washingtonpost.com/securityfix/2009/10/paychoice_suffers_another_data.html
By Brian Krebs
Security Fix
The Washington Post
October 15, 2009
Payroll services provider PayChoice took its Web-based service offline
for the second time in a month on Wednesday in response to yet another
data breach caused by hackers.
Moorestown, N.J. based PayChoice, provides direct payroll processing
services and licenses its online employee payroll management product to
at least 240 other payroll processing firms, serving 125,000
organizations. On Thursday morning, the company sent a notice to its
customers saying it had once again closed onlineemployer.com - the
portal for PayChoice's online payroll service -- this time after some
clients began noticing bogus employees being added to their payroll.
"After investigation, we determined that valid user credentials for an
Online Employer user were used in an unauthorized manner to add these
fictitious employees in an attempt to have payments made to fraudulent
bank accounts," the company said in an e-mail alert to their clients
sent Thursday.
This week's attack appears to be the second stage of a sophisticated
cyber assault launched last month against PayChoice customers. In that
attack, hackers broke into the company's servers and stole customer user
names and passwords. The attackers then included that information in
e-mails to PayChoice's customers warning them that they needed to
download a Web browser plug-in in order to maintain uninterrupted access
to onlineemployer.com. The supposed plug-in offered in that e-mail was
instead malicious software designed to steal the victim's user names and
passwords.
[...]
________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News
http://www.infosecnews.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]