Paytime, Inc. says 233,000 people across the country could be affected by a data breach in which personal information may have been compromised.
The Upper Allen Township payroll company said a majority of those impacted are Pennsylvanians. However, there are others in nearly all 50 states.
Hackers gained access to Paytime’s client service center on April 7. The company discovered the breach April 30 and disabled the client service center.
INA, a security consulting company in Harrisburg, says it is unusual for security breaches to be discovered immediately.
“It is not unusual for companies to have some time lapse between the time that the breach occurred until it is discovered,” INA president John Sancenito said. “Often times, it can be a period of weeks, months or even years before a company realizes the full extent of a compromise in their data systems, if it is discovered at all.”
Some of the people affected say they have not received pay stubs from Paytime for several years, and they are concerned the company still had their information in their database.
“There is no law, ordinance or regulations that say companies must delete the information after a certain amount of time,” Sancenito said. “It is often up to the employers to notify the payroll company at what intervals they want older or terminated employees purged from the system.”
Metro Bank had a large influx of customers concerned about their bank accounts.
“We actually have a report that states 4,500 consumer customers and and about 150 business customers were actually impacted by the Paytime breach,” said Victoria Chieppa, senior operating officer of Metro Bank. “We are advising them to close their accounts and open new ones. We want to make sure the customers are taking this seriously, that they are not forgetting about it, assuming that if they have not heard anything that they are OK, because fraud doesn’t always occur immediately.”
Paytime is offering free credit monitoring and identity restoration to those who may be at risk.