Online hitch allows thieves to register fraudulently on payroll vendor portal.
Thieves using stolen data created unauthorized accounts on ADP's portal in the names of some customers of payroll processing provider ADP and compromised their W-2 data, reports KrebsOnSecurity. This leaves them exposed to the risk of tax returns being filed fraudulently in their names.
The breach was discovered last month by ADP client US Bank, which said that "a small population" of its 64,000 employees had its tax and salary data stolen from the payroll vendor portal.
To register on ADP, clients give employees a company-specific link from ADP and a company code. KrebsOnSecurity says thieves have used unregistered employee accounts to sign in with the employee's personal details and siphon W-2 information.
This process is flawed because the code is posted by ADP customers on an unsecured online page; ADP has now disabled access to the registration portal for those clients found to be publishing the sign-up link and code online.
Read full story at KrebsOnSecurity.