The Californian data protection office has published a sample notice from the ‘American Payroll Association’ (APA), detailing a data breach that was discovered on July 13, 2020. Unfortunately, the hackers behind the security incident managed to access and steal sensitive personal information, so the affected individuals are now notified via email and warned to take protective actions.
According to the details shared in the letter, APA had a credit card skimmer installed on both its login web page and its online store's checkout section, so essentially the hackers stole credit card details and information entered onto the website’s forms.
More specifically, the following information should be considered compromised:
The skimmer got to steal the account credentials and the payment card information, but the hackers may have accessed the rest of the data through direct account access. So, the above is not definitive nor confirmed, but it’s a grave possibility.
The affected individuals are advised to reset their passwords on the platform immediately. Besides that, everyone is recommended to review their financial reports and credit card statements carefully. If they see anything suspicious, they should report it to the bank issuer or police immediately.
As is the standard practice in these cases, APA is also supporting the exposed individuals with 12 months of free credit monitoring and identity theft services by Equifax. You have until October 31, 2020, to claim this, but you should by no means, wait until then.
APA hasn’t clarified the number of people who may have been compromised by this incident, but the organization’s IT team stated that the skimmers must have been active on the website since May 13, 2020. So, if you have entered any details on APA’s website between May 13 and July 13, 2020, you should contact the organization by sending an email to “[email protected]” and they will address your concerns and questions.