Over the past several months, we have been made aware of a recent cyber crime scheme that involves compromised usernames and passwords to access employee data for tax fraud. We’ve notified customers several times via email newswire of threats this tax season and encouraged our customers to use our new multi-factor authentication in response. We’ve learned that several of our customers have had their user login information compromised and then used to illegally access employee data, we believe through phishing or malware that the perpetrators install on end-user computers. We are working in cooperation with these customers and the appropriate authorities to assist in their investigations.
Several recent articles have been posted suggesting that our solution was compromised, however we have conducted thorough investigations and there is no indication that our application security was compromised or that there was any intrusion onto any of our internal networks or servers. The incidents appear to be on the end-user side through individual employee computers that are infected with malware. There is a difference between an end-user’s computer getting hacked by spyware (which allows the criminal to see any information that is typed into that PC – including any system usernames and passwords), and the vendor’s network or database being compromised (which could expose many customers’ sensitive data concurrently to one criminal.) We have no evidence that there has been any compromise of our network or servers – all of the theft appears to have occurred through stolen logins at an individual end-user’s level.
We have no reason to believe that this tax fraud scheme was aimed specifically at us or our customers. Unfortunately, numerous companies across the U.S., regardless of payroll provider, appear to have been victims. The increasing incidents of identity theft across the country are extremely regrettable – regardless of whether the data is stolen at the end-user or vendor level. As cyber criminals evolve, we all must work together to evolve our security practices. We recently introduced optional multi-factor authentication and we again urge our customer to take advantage of this additional security measure, as well as enforcing frequent password resets, and ensuring all employee computers are protected against malware/spyware.
We take cyber crime of any kind extremely seriously. Although there is no indication that our application or servers were compromised, we have taken steps to assist our customers in protecting themselves against unauthorized access. As soon as we became aware in February that one of our customers may have been the target of unauthorized access to their employee data, we took the following measures:
- Temporarily removed access to the private employee data that tax fraud perpetrators target such as W-2 files, so that we could add a secondary level of user verification (called two-factor authentication)
- Notified our customers of increasing incidents of identity theft this tax season, including employee data theft for the purposes of tax fraud
- Introduced multi-step user verification and strongly encouraged our customers to use this feature
- Recommended that our customers take precautions on their end, such as enforcing frequent password resets for their users, and keeping their employees’ computers up-to-date on anti-malware protection
If you have any questions, you can contact us at UltiProInfo@ultimatesoftware.com