Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

American Payroll Association User Data Stolen in Skimmer Attack

The American Payroll Association (APA) says user information was stolen after attackers managed to inject a skimmer on its website. 

A payroll education, publications, and training provider, APA helps professionals increase their skill, offering payroll conferences and seminars, resources, and certification. APA has over 20,000 members. 

The American Payroll Association (APA) says user information was stolen after attackers managed to inject a skimmer on its website. 

A payroll education, publications, and training provider, APA helps professionals increase their skill, offering payroll conferences and seminars, resources, and certification. APA has over 20,000 members. 

In a security incident notification (PDF), APA explained that what appears to be a vulnerability in its content management system was likely exploited to inject the skimmer in its login page and on the checkout section of its online store. 

The malicious activity was discovered around July 31, 2020 but the investigation into the incident revealed that the attackers had been present on the system since May 13, 2020.

According to APA, information that was compromised during the attack included user login information and payment card information. 

The attackers might have accessed information such as first and last name, address, gender, date of birth, email address, job title and role, primary job function (along with details on to whom the user ‘reports’), company name and size, employee industry, and payroll and time and attendance software used at work. 

Profile photos and social media username data associated with some accounts might have been compromised as well, APA says. 

“Since discovering the cyberattack, APA has installed the latest security patches from our content management system to prevent any further exploitation of their website. APA technicians also reviewed all code changes made to the APA website since January; installed additional antivirus software on our servers; and increased the frequency of security patch implementation,” the Association announced. 

Advertisement. Scroll to continue reading.

APA says it has already prompted affected users to reset their passwords, and it is urging those who haven’t already to do so as soon as possible. 

“This attack on the American Payroll Association’s websites affected not only the payment page but also the login page, resulting in theft of usernames and passwords. The APA is an attractive target for Magecart attackers since their members have access to tools and systems that contain payroll data for millions of individuals. The attackers can brute force other payroll systems using the same stolen credentials to find other account takeover targets,” Ameet Naik, security evangelist at PerimeterX, said in an emailed comment. 

“Businesses must take steps to manage the shadow code risks by applying timely security patches and upgrading vulnerable open source libraries and third-party plugins. In addition, client-side application security solutions can provide full runtime visibility and control over all scripts and prevent client-side data breaches. Consumers must ensure that they use unique passwords and multi-factor authentication for different websites to minimize the risk of account takeover (ATO) attacks, and must continue to monitor their credit reports for signs of identity fraud,” Naik added. 

Related: Hackers Target Online Stores With Web Skimmer Hidden in Image Metadata

Related: Magecart Hackers Continue Improving Skimmers

Related: Visa Warns of New JavaScript Skimmer ‘Pipka’

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Coro, a provider of cybersecurity solutions for SMBs, has appointed Joe Sykora as CEO.

SonicWall has hired Rajnish Mishra as Senior Vice President and Chief Development Officer.

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.