Company Pay System Vulnerable to HackersRises in hacking incidents recently made companies rethink their security measures. The most recent addition to these of late was when a hacker was thwarted from transferring company payroll funds to counterfeit bank accounts. Criminals are making millions of dollars hacking companyComputers and diverting funds. It seems that they are expanding their attacks to include even the payrolls of hard working company employees. The computer affected is owned by Regeneron Pharmaceuticals, a large drug manufacturing company with more than 1,000 employees in its roster. The perpetrator was able to steal the user credentials of an employee and log in to the third-party payroll system provided by Ceridian system. Although the hack was stopped before it could do any real damage, Regeneron Human Resource Vice President Ross Grossman narrated how an unidentified malware was used to gain access to the Ceridian Payroll system. The criminal was able to locate nine employees who received direct deposit payments and tried to change the information of their accounts with fraudulent ones. Upon discovering the alteration, Regeneron cancelled the pending transactions and was able to avert an illegal transfer of funds. The affected employees were immediately informed. Regeneron was fortunate that the hackers seemed to be not too familiar with their system. Since Regeneron was not able to assess the extent of the Ceridian system that was hacked, they notified all current and previous employees whose bank account data could have been viewed or tampered with during the attack. The company has already taken action to prevent more of such incidents. A similar incident with the Ceridian payroll system was also reported last year. That December, a hacker was able to steal 27,000 customer records containing sensitive information that affected a large number of companies. Ceridian refused to comment on the issue.
These types of payroll-targeted attacks are more prevalent than most companies realize. Investigators and security analysts agree that there have been increasing incidences of third-party payroll files being altered. These files are used by banks when processing employee payments. Infiltrating third-party companies such as Ceridian may be how this financial fraud is being perpetuated. It may be unclear how effective security measures in place are as companies are very secretive when it comes to their own. Hopefully these incidents compel more third-party companies to increase their security measures |