The American Payroll Association (APA) disclosed it was a victim of a data breach on July 13, 2020, which affected its employees and customers’ information. The hackers injected a web skimmer on the company’s website login and checkout pages. In a security alert, APA stated that the threat actors extracted personal data by exploiting a vulnerability in the association’s content management system (CMS).
Information Accessed in the Data Breach
The attackers gained access to users’ login information like usernames, passwords, payment card information like credit card numbers, and personal information like names, dates of birth, email address, job titles and roles; primary job function, addresses, employee industry, and type of payroll software used. In addition, they also obtained profile photos and social media username data associated with some accounts.
APA notified the users affected in the incident and offered 12 months of free credit monitoring and $1,000,000 in identity theft insurance.
“Since discovering the cyberattack, APA has installed the latest security patches from our content management system to prevent any further exploitation of their website. APA technicians also reviewed all code changes made to the APA website since January; installed additional antivirus software on our servers; and increased the frequency of security patch implementation,” the Association said.
Magecart Attack, Again?