The American Payroll Association (APA) says user information has been stolen after attackers managed to inject a skimmer into its website.
A payroll education, publications, and training provider, APA helps professionals enhance their skills, offering payroll conferences and seminars, resources, and certification. APA is composed of over 20,000 members.
In a security incident notification (PDF), APA explained that what appears to be a vulnerability in its content management system has probably been exploited to inject the skimmer on its login page and on its online store’s checkout section.
The malicious activity was discovered around July 31, 2020, but the incident investigation revealed that the attackers had been on the system since May 13, 2020.
Information that was compromised during the attack included user login and payment card information, according to APA.
The attackers may have accessed information such as first and last name, address, gender, date of birth, email address, job title and role, primary job function (along with details of who the user ‘reports’ to), company name and size, employee industry, and payroll and time and attendance software used at work.
Profile photos and username data from social media associated with some accounts could also have been compromised, says APA.
“APA has installed the latest security patches from our content management system since the cyber-attack was discovered to prevent further exploitation of their website. As of January, APA technicians also reviewed all code changes made to the APA website; installed additional antivirus software on our servers; and increased security patch implementation frequency,” the association announced.
APA says it has already prompted affected users to reset their passwords, and urges those who haven’t done so to reset their passwords as soon as possible.
“This attack on the websites of the American Payroll Association not only affected the payment page but also the login page which resulted in theft of usernames and passwords. The APA is an attractive target for Magecart attackers as their members have access to tools and systems for millions of people which contain payroll data. The attackers may brute-force other payroll systems to find other account takeover targets using the same stolen credentials,” Ameet Naik, PerimeterX security evangelist, said in an emailed comment.
“Businesses must take steps to manage the risks of shadow code by applying timely security patches and upgrading vulnerable open source libraries and plug-ins from third parties. Furthermore, application security solutions on the client side can provide full-time visibility and control over all scripts, and prevent data breaches on the client side. Consumers must ensure that they use unique passwords and multifactor authentication for various websites to minimise the risk of account acquisition (ATO) attacks, and must continue to monitor their credit reports for signs of identity fraud,” added Naik.
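The "visibility over all scripts" point in the comment above is the detection side of a skimmer incident like this one: a login or checkout page carries a small, known set of scripts, and anything beyond that set is worth an alert. The following is an added example, not code from the article, from APA or from PerimeterX. It records a baseline of the external script URLs and the SHA-256 hashes of inline scripts on a page, then diffs a later copy of the page against that baseline. Both HTML pages are constructed for the example; the `/static/app.js` path and the `cdn.example-placeholder.invalid` host are placeholders, not real resources.

```python
"""Baseline-and-diff check for scripts on a payment or login page.

Added example: record the scripts a page is expected to carry, then flag
any script that is not on that list. All markup below is constructed.
"""
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect external script URLs and SHA-256 digests of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = []       # values of src= on <script> tags
        self.inline_hashes = []  # sha256 hex digests of inline script bodies
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data, possibly in chunks.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            body = "".join(self._buf).strip().encode("utf-8")
            self.inline_hashes.append(hashlib.sha256(body).hexdigest())
            self._in_script = False


def collect_scripts(html):
    """Return the de-duplicated, sorted script inventory of one page."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return {
        "external": sorted(set(parser.external)),
        "inline": sorted(set(parser.inline_hashes)),
    }


def find_unexpected_scripts(html, baseline):
    """Return scripts present on the page but absent from the baseline.

    A non-empty result means the page's script set changed; on a checkout or
    login page that is the signal a skimmer injection would produce.
    """
    found = collect_scripts(html)
    return {
        "external": [s for s in found["external"] if s not in baseline["external"]],
        "inline": [h for h in found["inline"] if h not in baseline["inline"]],
    }


# Constructed reference copy of a checkout page (placeholder markup).
BASELINE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script>window.cart = window.cart || {};</script>
</head><body><form id="checkout"></form></body></html>"""

# Constructed later copy: the same page plus one extra external script
# and one extra inline script that the baseline does not know about.
MODIFIED_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script>window.cart = window.cart || {};</script>
<script src="https://cdn.example-placeholder.invalid/lib.js"></script>
<script>/* constructed stand-in for an unexpected inline script */</script>
</head><body><form id="checkout"></form></body></html>"""

BASELINE = collect_scripts(BASELINE_PAGE)

if __name__ == "__main__":
    for name, page in (("baseline", BASELINE_PAGE), ("modified", MODIFIED_PAGE)):
        print(name, find_unexpected_scripts(page, BASELINE))
```

In practice the baseline is captured from a known-good deployment and refreshed as part of the release process, so that a script appearing outside a release is what raises the alert; hashing inline bodies rather than storing them means an edit to an existing inline script is caught as well as a wholly new one.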