Breach: American Payroll Association
The American Payroll Association just notified its members that it has suffered a breach. Threat actors installed skimming malware on both the log in web page of the APA website and the checkout section of the association’s online store by exploiting a vulnerability in the APA’s content management system. It was discovered around July 13, but before it could be removed unauthorized individuals gained access to information including first and last names, email address, job title/role, primary job function, company structure, gender; date of birth, address (either business or personal), including country, province or state, city, and postal code, company name and size, industry details, and the types of payroll and attendance software used at the member’s company.—Kevin Lancaster, ID Agent