Benefitmall – The US Payroll Firm - got hit by Phishing Attack

BenefitMall, the provider of payroll, employer services, and HR to businesses all over the United States, has reported an incident of data security that might have exposed personal information of consumers'.

"On October 11, 2018, the company became aware of an email phishing attack that exposed employee email login credentials," as per a press release of the company on Friday (i.e. on January 11, 2018). "While the dates of the unauthorized access vary, the issue generally occurred between June 2018 and the discovery date".

As per BenefitMall, emails in affected mailboxes might have included the consumers' names, Social Security numbers, addresses, bank account numbers, dates of birth, and information related to the insurance premiums payment.

BenefitMall - trading name of the Centerstone Insurance and Financial Services - offers several solutions for the employers, including administration of the payroll as well as employee benefits.

As per the Dallas-based company, they have access to personal information of consumers' due to nature of their work as service provider to the employers as well as other businesses. It is still unknown how many consumers of US were potentially got impacted by this data breach.

As per promotional material from BenefitMall, the company is working with a network of over 20,000 brokers as well as accountants that service around 200,000 small-sized and medium-sized businesses. The company said that "BenefitMall takes the privacy and security of personal information very seriously. Once BenefitMall learned of this issue, the company immediately initiated an internal review".

The company also hired one of the top computer forensics firms for conducting thorough investigation of this incident and remediate systems of BenefitMall. Moreover, law enforcement has also been reported about this incident by BenefitMall.

It looks like that this is not for the first time when BenefitMall is related to a data breach. The Dallas-based company said that additional security measures have now been implemented for protecting the email accounts of employee, including the two-factor authentication. "The company has also undertaken an employee education initiative to inform employees about phishing scams and how to guard against them, and will continue to deliver additional employee training about email safety and recognizing phishing emails," it said.

» SPAMfighter News - 1/21/2019