Hackers breached the systems of payroll processor PayChoice, the company confirmed.
PayChoice of Moorestown, N.J., suffered an online breach that has apparently compromised its payroll-processing operations.
“PayChoice discovered a security breach in its online system on Wednesday, September 23, 2009,” PayChoice CEO Robert Digby confirmed in a statement. “We are handling this incident with the highest level of attention as well as concern for our clients, software customers and the employees they serve.”
PayChoice today indicated it is working to provide additional information about the breach.
According to the Washington Post, a number of PayChoice customers were subjected to an apparent phishing scam when they received an e-mail instructing them to download a Web browser plug-in in order to maintain access to PayChoice’s online payroll service, onlineemployer.com.
Post writer Brian Krebs reports that the phishing attack was apparently aimed at getting into payroll and account data. PayChoice is said to license its online employee payroll management product to more than 240 other payroll processing firms to serve 125,000 organizations.
In his statement, Digby said that on Sept. 23rd, “we immediately shut down the online system and instituted fresh security measures to protect client information before starting it up again.”
The payroll-processing company has also engaged forensics experts to help determine the scope of the intrusion and notified federal law enforcement, according to Digby. He said licensees and payroll clients will be apprised on a daily basis, and he added they should taking “appropriate protective measures, including changing passwords and user id information.”