PayChoice Inc., a New Jersey company that provides online payroll services and works with 125,000 organizations, has been hacked--big time. Hackers broke into the company's system last month, and stole the login credentials of customers, including their real names, usernames and passwords.
The attackers then sought to use the data to steal additional information directly from the customers themselves, sending them phishing emails and directing them to download a web browser plug-in to be able to continue using the onlineemployer.com service. When users followed the directions and downloaded the plug-in, their systems were infected by a username and password stealing Trojan. It is not known how many customers were victims of the scam, which appears to have originated overseas.
PayChoice, in an email response to Computerworld, said it was "handling this incident with the highest level of attention as well as concern for our clients, software customers and the employees they serve."
Company CEO Robert Digby said in the statement that once the company discovered the breach, it immediately shut down the online system and instituted measures to protect client information, the statement said. The company has also hired outside forensic experts to determine the full impact of the breach.
For more on this attack:
- see this NetworkWorld.com article [1]
Related Articles:
Microsoft researchers try to trace hack attacks [2]
Mystery of the July 4 hack attacks [3]
Password hacking gets personal [4]
Links:
[1] http://www.networkworld.com/news/2009/100109-large-online-payroll-service.html
[2] http://www.fiercecio.com/story/microsoft-researches-find-way-trace-hack-attacks/2009-08-16
[3] http://www.fiercegovernmentit.com/story/myster-july-4-hack-attacks/2009-07-14
[4] http://www.fiercecio.com/story/password-hacking-gets-personal/2009-09-09