Thursday, 15 May 2014

Upper Allen Twp. payroll company defends its handling of computer hacking incident

Nearly 1,000 Central Penn College employees are among the thousands of people who are learning their personal information has recently fallen into the hands of hackers.
Paytime Inc., an Upper Allen Twp.-based payroll company, said it acted quickly to get the word out about a computer hacking incident that puts thousands of people's personal information at risk.  
The hackers accessed such information as Social Security numbers, birth dates, hiring dates, phone numbers and other payroll-related data stored in the computer system at Paytime Inc., an Upper Allen Twp.-based company that handles payroll services for an undisclosed number of employers in and outside of Pennsylvania.
Since learning of the security breach that Paytime discovered on April 30, the college in East Pennsboro Twp. has sent out several informal notices over the past week to employees advising them of steps to take to protect their identities, said college spokeswoman Sarah Blumenschein.
It plans to send out letters on Thursday sharing similar information with former employees who worked there over the past eight years since they too have may have personal data at risk, she said.
"Over the years, Paytime has been a great business partner with superior customer service, and we will assist them in any way possible to spread this message to our employees," Blumenschein said.
Other individuals who work at companies that are Paytime customers are not as understanding. Several contacted PennLive expressing outrage that Paytime plans to hold off until May 21 to send out notices that tell them what they should do. They accused the payroll service company of dragging its feet.
Chris Haverstick, Paytime's vice president of sales and marketing, said his company has been doing anything but that.
He said as soon as its information technology forensics experts detected a file in the computer system that shouldn't have been there, federal law enforcement authorities were notified and alerts were sent to the employers it works with about its security being compromised.
But it wasn't until Monday that the company felt the investigation had progressed far enough to determine that customers' employees indeed needed to be notified, he said.
The investigation found that skilled hackers with foreign IP addresses exploited a vulnerability in Paytime's computer system starting on April 7, according to a company-issued statement released today.
Paytime immediately sent its customers notices asking for permission to contact their current and former employees to advise them of the breach and the free year of credit monitoring and identity restoration services that Paytime will provide.
Once customers' permission is granted, Haverstick said the official notifications will be sent out, starting next week. In the meantime, Paytime is establishing a call center to field the anticipated calls from affected individuals who may want further guidance.
Haverstick was adamant that Paytime has kept its customers in the loop along the way unlike other companies that he said waited a month or more before dropping the news of a breach.
"We didn't drag our feet on this. We acted quickly as possible." Paytime vice president Chris Haverstick
"We have very loyal clients and our clients have been great. We were telling them what we knew when we knew it. I think that's very important," he said. "We didn't drag our feet on this. We acted quickly as possible."
He said he thinks the employers that Paytime serves understand the situation, but "I don't think the employees get it."
Because federal authorities were on the case, Haverstick said Paytime never alerted the Upper Allen Twp. police, the Cumberland County District Attorney's office or the state Attorney General's office.
Upper Allen Twp. police Detective Ryan Parthemore said he called the company on Wednesday after learning of the hacking incident through media reports and was told to call the company's attorney. Parthemore said the law firm never returned the call.
The attorney general's office offers the following tips to individuals who find themselves as victims of a personal information security breach:
  • Check your credit report with the three nationwide consumer reporting companies: Equifax, Experian and TransUnion. If consumers find errors on their report, contact the reporting company in writing.  Under the Fair Credit Reporting Act, consumers are entitled to a free copy of their credit report from each company every 12 months. Visit www.AnnualCreditReport.com or call 1-877-322-8228.
  • Check for unauthorized activity on your bank account and immediately report them to the bank's fraud department. 
  • Consumers can place a fraud alert on their credit reports to help mitigate potential issues by contacting the three credit reporting agencies: Equifax:  1-800-525-6285; Experian:  1-888-397-3742; and TransUnion:  1-800-680-7289.
  • Concerned consumers can also contact the Attorney General's Bureau of Consumer Protections helpline at 1-800-441-2555.

1 comment:

  1. Every company wants a system which can control computer hacking especially to avoid hacking of credit and other important information. Being a payroll providers guelph I always assist the companies to go for payroll service provider.

    Regard
    Jimmie Menon

    ReplyDelete