follow us:Google+FacebookLinkedInTwitterVimeoRSS Feeds

advertisement

Paytime plans call center following security breach

By

Back to Top Comments Email Print

After discovering a security breach that gave hackers access to sensitive information, including bank account data, Paytime Inc. plans to contact employees of affected clients starting next week.

Chris Haverstick, Paytime's vice president of sales and marketing, said the company understands the urgency of the situation and is doing everything it can to provide the employees with credit monitoring as soon as possible.

"We will be mailing letters to employees that provide access to credit monitoring and identity restoration services beginning on May 21," he said.

Paytime needs the time between now and then to obtain permission from clients to notify affected employees and to establish the call center and other resources, Haverstick said.

Haverstick also confirmed the scope of the breach, as Paytime noted in a letter to clients: “Names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses were accessed by the intruders. There is also a possibility that information related to corporate bank accounts associated with your payroll was accessed."

The company, which is based in Upper Allen Township, said it discovered a compromise of user names and passwords related to its client service center on April 30 and began investigating immediately. So far, its crew, along with third-party IT forensic experts and law enforcement, have determined that the intruders — "skilled hackers working from foreign IP addresses" — first gained access to Paytime’s systems April 7.

"These intruders identified and exploited a vulnerability in Paytime’s Client Service Center, which allowed them to access employee information. Paytime has since run multiple tests to confirm security, and have also implemented new monitoring and intrusion detection systems," Paytime said in a written statement.

According to that statement, Paytime began notifying clients Monday and says it will provide resources needed to respond to the incident, including giving clients' employees access to one free year of credit monitoring, call center support and identity restoration services in the event any employee discovers fraudulent activity.

Business Journal records say Paytime issued 85,000 W2s in 2012, the most recent year for which the information was available. Discovery of the breach came shortly after an April 28 move that consolidated Paytime's two offices into one.

Heather Stauffer

Heather Stauffer

Heather Stauffer covers Lancaster County, nonprofits, education and health care. Have a tip or question for her? Email her at heathers@cpbj.com. Follow her on Twitter, @StaufferCPBJ.

advertisement

Comments


Really said:
I cannot tell by this letter who the employer was--I can guess--but I don't know what these initials mean. Also I haven't been employed by anyone for over 4 years so why should my information and that of my spouse still be in a data base? I froze our credit 6 months ago because we won't need any credit from here on out and if we do I can release it so that should help since no one can get credit in either of our names. Very frustrating though for it to take so long to notify me, and that this information was available 4 years after layoff.

June 9, 2014 3:43 pm

Tiger said:
I finally got my letter on the last day of May. I was affected due to an employer using their services but I haven't worked for that employer for over 8 years. What were they still doing with my information on their systems 8 years later? Also, if you look at the 1 year of AllClear identity monitoring they don't monitor your account at all, you still have to do it, they just help you clean it up if there is unauthorized activity going on after you report it to them. If you want to have them monitor for the year too you have to sign up for another plan.

June 1, 2014 7:28 am

also affected said:
Kraemer & Mains Associates

https://www.idradar.com/news-stories/identity-protection/PayTime-Inc-Payroll-Data-Breach-Total-Over-215000-Nationwide

May 30, 2014 11:17 pm

Donna said:
sign me up for the suit. What good is a year of monitoring. They will have our information forever.

May 29, 2014 2:23 pm

Litigious said:
I always wanted to be part of a class action suit, but could never find the right one. I am part of this class, however, and I'm thinking this might be a good opportunity. Besides, my right to privacy, as outlined in the constitution, has been violated. I am justifiably angered by their refusal to disclose that my private information was jeopardized in a timely fashion. We must think, first and foremost, of the children. Actions like these make me think that the internet should be shut down, and that we should go back to having three channels on the television. One question I have is, if I take the free year credit reporting, do I waive my right to sue?

May 27, 2014 3:47 pm

Get a grip said:
Come on people. A class action lawsuit? LOL. For what? Your $10 box of checks?

Boy oh Boy, everybody's an expert aren't they?? Sue happy people who think they know everything. Gotta Love 'em!!!

May 27, 2014 2:54 pm

I Don't Get It said:
Paytime VP/tool Chris Haverstick cluelessly told another publication that when it comes to understanding this hacking debacle, innocent victims of his company's ineptitude "don't get it." Paytime is offering these same victims the opportunity to provide to a Paytime partnering company the very same personal data his company carelessly allowed hackers to access so that the partner can provide a year of "free" credit monitoring. No thanks. Haverstick whines that he wishes we could all share the joy of Paytime's move to a new building, rather than focus on a data breach that affects 1,200 current and former business clients and tens of thousands of individual victims, including spouses who share joint accounts with victims. With regard to why Haverstick still has a job, he is correct: I don't get it.

May 21, 2014 9:51 pm

I Don't Get It said:
Paytime VP/tool Chris Haverstick cluelessly told another publication that when it comes to understanding this hacking debacle, innocent victims of his company's ineptitude "don't get it." Paytime is offering these same victims the opportunity to provide to a Paytime partnering company the very same personal data his company carelessly allowed hackers to access so that the partner can provide a year of "free" credit monitoring. No thanks. Haverstick whines that he wishes we could all share the joy of Paytime's move to a new building, rather than focus on a data breach that affects 1,200 current and former business clients and tens of thousands of individual victims, including spouses who share joint accounts with victims. With regard to why Haverstick still has a job, he is correct: I don't get it.

May 21, 2014 9:49 pm

Anon said:
Please repost if anyone hears of a Class Action Lawsuit. I would be very interested in joining it. I am appalled that not only did they take so long to inform their clients of the breach but also that they are offering just one year of coverage. They need to offer it for at least 3 years.

May 21, 2014 6:38 pm

Ticked said:
For those of you (like me) who have been affected, but not yet informed, here's some advice for how to handle the information you're about to receive:

It's a must read !!

https://www.privacyrights.org/how-to-deal-security-breach

The INDEX:
Introduction
Figure out what type of breach has occurred
What to do if you are a victim of a breach involving your SSN
Notify the credit bureaus and establish a fraud alert
Order your credit reports
Examine your credit reports carefully
Continue to monitor your credit reports
Consider a security freeze
Information for businesses
Resources

May 20, 2014 9:02 am



Please note: All comments will be reviewed and may take up to 24 hours to appear on the site.

Post Comment
     View Comment Policy
advertisement
  
  
advertisement
  
  
advertisement
Back to Top