EPIC Defends Right of PayTime Data Breach Victims to Bring Suit

EPIC.org is joining those who believe that victims of the PayTime data breach should not have had their lawsuit dismissed for lack of standing.  EPIC has filed an amicus  urging a federal appeals court to overturn a decision that limits the ability of data breach victims to sue. The plaintiffs sued a payroll company after their Social Security Numbers and other identifying information were exposed. A lower court dismissed the case because fraudulent transactions had not yet occurred. EPIC argued that data breach victims can sue without having to wait for specific damages. EPIC cataloged the epidemic of data breaches in the US, and explained why companies should be liable when they fail to protect the consumer data they collect. EPIC regularly files briefs defending consumer privacy.

Lawsuits over Paytime data breach dismissed

Matt Miller reports: Saying no legally compensable injuries have yet occurred, a federal judge Friday dismissed two would-be class-action lawsuits filed over last year’s massive data breach at the Paytime Inc. national payroll firm. The clients who sued the Cumberland County-based Paytime had sought financial damages for what they claimed was the threat they face of identity theft due to the April 2014 breach by unknown hackers. They contended that about 233,000 Paytime clients were put at risk nationwide. Also, the clients claimed in their suits that Paytime, which offered free credit monitoring and identity restoration services to those affected, had delayed informing them about the breach. Read more on PennLive.

Update: Paytime breach may affect 233,000

WITF reports that the Paytime breach affected even more than previously disclosed: Cumberland County-based Paytime says as many as 233,000 people may be affected by a data breach. The payroll processor distributed about 88,000 W-2’s in 2012, but says in a filing with the North Carolina Attorney General that dependents and spouses information may have also been accessed. Read more on WITF, where they’ve posted an updated statement from Paytime.

PayTime Data Breach Hits Some Workers Hard

When we think about consequences of hacks or breaches, let’s not lose sight that people may lose their jobs simply because their data was caught up in an incident – even if there was no evidence that their information was misused. idRADAR.com has a good example of that in the aftermath of the PayTime hack. They previously reported other examples of how becoming a victim of hack can cost security clearance and/or jobs, with a follow-up on one such case.

Paytime, Inc. breach affected over 216,000

One day, businesses will heed my sage advice not to stay in the news cycle by letting details dribble out piecemeal. Today is not the day, however, so thankfully, idRADAR did some digging and has found out that over 215,000 were affected by the Paytime, Inc. breach covered previously on this blog. Jeanne Price reports: News that Hanover Foods was a PayTime client first surfaced in comments posted on databreaches.net, a website dedicated to documenting the history of breach around the globe. A man identified as Luke shared this comment: “I worked for a subsidiary of Hanover Foods (Spring Glen Fresh Foods in Ephrata, PA.) and just got a letter from Paytime stating all of my personal data including SS#, banking info, D.O.B., home address and wage info was compromised during this incident. Just checked with 2 friends who worked there at the same time and they got the same letter.” idRADAR News also obtained documents from North Carolina indicating that 5,867 employees Hanover had been impacted. That figure is included in the 216,274 nationwide breach total. Read more on idRADAR.

PA: Another Paytime client affected by hack notifies employees

Eric Veronikis reports that about 200 employees of Carlisle Borough are being notified of the breach at payroll processor Paytime, Inc.: Carlisle learned this week that its payroll information was compromised as the company it formerly used to process pay slips recently discovered a data breach that put the personal information of its customers’ employees at risk of being stolen. Upper Allen Township-based Paytime Inc. handled the borough’s payroll processing duties in 2008 and 2009. The firm said it notified its customers on April 30 that due to a data breach it discovered last month, hackers could have gained access to employee names, social security numbers, bank account information, home addresses, birth dates, hire dates, wage information, home and cellphone numbers and other related payroll information. Paytime would not disclose how many records were affected by the hacking incident during an earlier interview with PennLive. Read more on PennLive. So why was Paytime still retaining the data of a former client in a way that allowed hackers to access it?

Paytime sends notification letters

The Paytime, Inc. breach, noted previously, has resulted in Paytime notifying the California Attorney General’s Office. Since California only requires notification if over 500 residents are affected, it may indicate that the breach was fairly large. According to their forensic investigation, hackers accessed personal information – including name, address, phone numbers, Social Security number and date of birth – as well as payroll and wage/hire information and bank account information.  

Wayne County employees information part of Paytime breach

Terrie Morgan-Besecker reports that employees of Wayne County, Pennsylvania have been notified of the Paytime, Inc. breach noted previously on this blog: Hackers breached Wayne County’s payroll processor, potentially gaining access to hundreds of government employees’ Social Security numbers, home addresses and bank account information. Chief Clerk Vicky Botjer confirmed the county was notified Tuesday that Paytime Inc. of Mechanicsburg discovered on April 30 that records of multiple clients were accessed by online hackers. Paytime processes payroll for roughly 500 full-time and part-time workers in the county, she said. Read more on the Times-Tribune.

PA: Hackers breach Paytime, Inc. payroll company

Joshua Vaughn reports: One Midstate payroll company is working to address security issues after discovering hackers had breached its security and accessed client information. In a written statement, Paytime Inc. of Upper Allen Township said it discovered a security breach on April 30. A subsequent investigation by third-party forensic IT experts found that the intruders — which the statement described as “skilled hackers working from foreign IP addresses” — first gained access to the company’s client service center on April 7. […] Paytime’s statement said the breach was related to clients’ user names and passwords, but a letter obtained by abc27 to employees of a company that uses Paytime’s services stated that personal information like Social Security numbers, bank information, date of birth, wage information and home address were also accessed by the hackers. Chris Haverstick, vice president of sales and marketing at Paytime, confirmed that hackers accessed this personal information. Read more on The Sentinel. Jan Murphy of PennLive also reports on the breach, noting that there is likely a large number of individuals affected. Although the firm has sent notification letters to its clients, notification letters to their employees will not go out until May 21. Those affected will be offered some free identity theft restoration services through AllClear ID if they become victims of ID theft.