US payroll provider hit by email phishing attack

US payroll provider hit by email phishing attack
17 Jan 2019

US payroll, HR and employer services provider BenefitMall has disclosed a data security breach that may have exposed consumers’ personal information.

“On October 11, 2018, the company became aware of an email phishing attack that exposed employee email login credentials,” the company declared in a press release last week. “While the dates of the unauthorized access vary, the issue generally occurred between June 2018 and the discovery date.”

According to BenefitMall, the affected emails may have included the names, addresses, Social Security numbers, dates of birth, bank account numbers and information relating to payment of insurance premiums of its customers’ employees. It is not yet known how many US consumers were hit by the breach.

But the provider said that once it learned of the issue, it immediately initiated an internal review. “The company also retained a top computer forensics firm to help conduct a thorough investigation of the incident and remediate BenefitMall's systems,” it added. “BenefitMall has also reported the incident to law enforcement.”

It appears that this is not the first time that the firm has been subject to a data breach. According to the The Daily Swig, a document hosted on the Department of Justice New Hampshire website provides details of a security incident that took place in November 2013, which affected the company’s client, Kenerson Associates.

BenefitMall said it had now implemented additional security measures to protect employee email accounts, including two-factor authentication.

“The company has also undertaken an employee education initiative to inform employees about phishing scams and how to guard against them, and will continue to deliver additional employee training about email safety and recognising phishing emails,” it added.

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER STORIES THAT MAY INTEREST YOU

Keeping payroll data safe

Trends 2019: Systems integration and data security take centre stage

FBI warns of US payroll phishing attack

 

US payroll, HR and employer services provider BenefitMall has disclosed a data security breach that may have exposed consumers’ personal information.

“On October 11, 2018, the company became aware of an email phishing attack that exposed employee email login credentials,” the company declared in a press release last week. “While the dates of the unauthorized access vary, the issue generally occurred between June 2018 and the discovery date.”

According to BenefitMall, the affected emails may have included the names, addresses, Social Security numbers, dates of birth, bank account numbers and information relating to payment of insurance premiums of its customers’ employees. It is not yet known how many US consumers were hit by the breach.

But the provider said that once it learned of the issue, it immediately initiated an internal review. “The company also retained a top computer forensics firm to help conduct a thorough investigation of the incident and remediate BenefitMall's systems,” it added. “BenefitMall has also reported the incident to law enforcement.”

It appears that this is not the first time that the firm has been subject to a data breach. According to the The Daily Swig, a document hosted on the Department of Justice New Hampshire website provides details of a security incident that took place in November 2013, which affected the company’s client, Kenerson Associates.

BenefitMall said it had now implemented additional security measures to protect employee email accounts, including two-factor authentication.

“The company has also undertaken an employee education initiative to inform employees about phishing scams and how to guard against them, and will continue to deliver additional employee training about email safety and recognising phishing emails,” it added.

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER STORIES THAT MAY INTEREST YOU

Keeping payroll data safe

Trends 2019: Systems integration and data security take centre stage

FBI warns of US payroll phishing attack

 

Leave a Reply

All blog comments are checked prior to publishing