Texas-based American Payroll Association disclosed a July data breach caused by a web skimming attack on its website and online store. Attackers made off with credit card numbers, users' names and other personal data.
The American Payroll Association (APA) notified its members of a skimming attack on its website that exposed credit card and personal user information. The disclosure comes nearly a month and a half after the data breach was discovered, an investigation prompted by 'unusual activity' first noticed in May.
The data breach was caused by a skimmer installed on the organization's website login page and on the checkout section of its online store. A skimmer cannot be planted on a site without some means of altering the scripts the page serves, typically an exploitable flaw in the site software. APA's assessment found that the attackers installed the skimmer through a vulnerability in the website's content management system (CMS). The review also determined that the malicious activity began on May 13, 2020 at 8:30 PM ET.
Robert Wagner, APA's Senior Director of Government and Public Relations, Certification, and IT, says the affected user data definitely includes usernames, passwords, and credit card information. APA is not certain whether other personal or professional information was taken, and says the following fields 'may have' been exposed:
- Personal: first and last name, email address, postal address, date of birth, social media handles and profile picture
- Professional: job title, role and function, job supervisor or manager, company size, office address, and details of the payroll and time-and-attendance software used at the workplace
Ameet Naik, Security Evangelist at PerimeterX, told Security Week, "The APA is an attractive target for Magecart attackers since their members have access to tools and systems that contain payroll data for millions of individuals. The attackers can brute force other payroll systems using the same stolen credentials to find other account takeover targets."
APA, which has nearly 20,000 members, did not say exactly how many users were affected.
Subsequently, the organization applied the appropriate patches to the CMS to close the vulnerability. After reviewing the code changes that had gone into effect in January, the APA also installed additional antivirus software on its servers.
The Texas-based association went a step further by extending 12 months of free credit monitoring and identity theft insurance amounting to $1,000,000 to victims.
The APA has advised users to stay 'vigilant by regularly reviewing your account statements and online activity', since stolen credit card data can be used for identity theft. Users were also advised to change their passwords; because the skimmer sat on the login page, anyone who reused their APA password on another site should change it there as well, since stolen credentials are routinely tried against other accounts.