Security News > 2020 > September > American Payroll Association User Data Stolen in Skimmer Attack
The American Payroll Association says user information was stolen after attackers managed to inject a skimmer on its website.
A payroll education, publications, and training provider, APA helps professionals increase their skill, offering payroll conferences and seminars, resources, and certification.
According to APA, information that was compromised during the attack included user login information and payment card information.
"Since discovering the cyberattack, APA has installed the latest security patches from our content management system to prevent any further exploitation of their website. APA technicians also reviewed all code changes made to the APA website since January; installed additional antivirus software on our servers; and increased the frequency of security patch implementation," the Association announced.
"This attack on the American Payroll Association's websites affected not only the payment page but also the login page, resulting in theft of usernames and passwords. The APA is an attractive target for Magecart attackers since their members have access to tools and systems that contain payroll data for millions of individuals. The attackers can brute force other payroll systems using the same stolen credentials to find other account takeover targets," Ameet Naik, security evangelist at PerimeterX, said in an emailed comment.