
The American Payroll Association has revealed information theft


The American Payroll Association (APA) disclosed a data breach affecting members and customers, after attackers successfully placed a web skimmer on the login page of its website and on the pages of its online store.

APA is a non-profit professional association with more than 20,000 members. It organizes training seminars and conferences, which are attended every year by more than 36,000 professionals. The organization also issues recognized certificates and provides professionals with a variety of resources.

Theft of login credentials and financial information

The American Payroll Association discovered around July 23, 2020, that its website and its online store had been compromised by cybercriminals, who deployed a web skimmer that collects sensitive information and transmits it to servers controlled by the attackers.

The attackers exploited a vulnerability in the organization's content management system (CMS) and managed to gain access to the site and the online store. The company sent a notice of theft of financial information (credit card details) to all persons affected by the breach.

After gaining access, the hackers used the skimmer both on the login page and in the checkout section of the online store.

According to the security team of the American Payroll Association, the malicious activity was detected on May 13, 2020.

"Unauthorized persons have access to data (username and password) and individual financial information (credit card details and related data)," said the American Payroll Association.

The information the hackers had access to includes: first and last name, e-mail address, job title and role, gender, date of birth, address (personal or business), country, province or state, city, zip code, company name and size, etc. (information entered on the web pages and in the online store).

In addition, in some cases, the attackers were able to gain access to social media usernames and profile pictures of members and customers of the American Payroll Association.

Magecart attack behind financial information theft

This type of attack is known as a web skimming attack, Magecart or e-skimming. It is carried out through skimmer scripts placed on e-commerce sites, using either a CMS vulnerability or a compromised admin account.

Following the discovery of the attack, the American Payroll Association immediately installed the latest security updates for the site and store CMS to block future attacks.

The APA security team also increased the frequency of security patches and deployed anti-malware solutions on the affected servers. In addition, the organization has reset the passwords of all affected users and is offering $1,000,000 in identity theft insurance and one year of free credit monitoring services through Equifax.
