PayChoice Suffers Another Data Breach

[security curmudgeon <jericho () attrition org>]

http://voices.washingtonpost.com/securityfix/2009/10/paychoice_suffers_another_data.html?wprss=securityfix

PayChoice Suffers Another Data Breach
By Brian Krebs  |  October 15, 2009; 8:40 PM ET

Payroll services provider PayChoice took its Web-based service offline for 
the second time in a month on Wednesday in response to yet another data 
breach caused by hackers.

Moorestown, N.J. based PayChoice, provides direct payroll processing 
services and licenses its online employee payroll management product to at 
least 240 other payroll processing firms, serving 125,000 organizations. 
On Thursday morning, the company sent a notice to its customers saying it 
had once again closed onlineemployer.com - the portal for PayChoice's 
online payroll service -- this time after some clients began noticing 
bogus employees being added to their payroll.

"After investigation, we determined that valid user credentials for an 
Online Employer user were used in an unauthorized manner to add these 
fictitious employees in an attempt to have payments made to fraudulent 
bank accounts," the company said in an e-mail alert to their clients sent 
Thursday.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php