News and Updates on Information Technology

United States – American Payroll Association

Exploit: Skimming
American Payroll Association: Professional Organization

Risk to Small Business: 2.087 = Severe

The American Payroll Association just notified its members that it has suffered a breach. Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association’s online store by exploiting a vulnerability in the APA’s content management system. It was discovered around July 13, but before it could be removed unauthorized individuals gained access to information including first and last names, email address, job title/role, primary job function, company structure, gender; date of birth, address (either business or personal), including country, province or state, city, and postal code, company name and size, industry details, and the types of payroll and attendance software used at the member’s company.

Individual Risk: 2.404 = Severe

Information like job title, company structure, personal contact details, and more from this breach can be used to construct spear phishing attacks. Victims of the data breach have been offered 12 months of free credit monitoring and $1,000,000 in identity theft insurance by APA.

Customers Impacted: 21,000

How it Could Affect Your Customers’ Business: Malware is commonly delivered via a phishing email, but can also directly infect systems, stealing credit card data and PII that impacts large swathes of customers. Cutting off access from infection points is a vital defense.