Paycom Data Breach
Published in Cyber Security · Wednesday 08 May 2024
- ClassAction.org - Newswire - by Corrado Rizzi
Paycom Data Breach April 2023
Paycom Payroll faces a class action lawsuit over a 2023 data breach during which an unknown party accessed the company’s systems and stole thousands from customers’ accounts.
Paycom - Payroll faces a proposed class action lawsuit over an April 2023 data breach during which an unknown party accessed the company’s systems and stole thousands from Paycom customers’ accounts by re-routing their direct deposits to unknown accounts.
The 49-page Paycom Payroll data breach lawsuit says that the party or parties responsible for infiltrating the online payroll and human resources company’s systems “still have access to Paycom’s network” and thus access to customers’ personally identifiable information. Per the case, Paycom services thousands of employers nationwide and collects in the course of its business Social Security numbers, addresses, dates of birth, phone numbers, financial account numbers and more.
“As such, Defendant assumed the legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access,” the suit emphasizes.
According to the complaint, Paycom in May of last year began to receive reports that unknown actors were accessing individuals’ personal Paycom accounts and re-routing their direct deposits elsewhere.
Despite this, the lawsuit says, Paycom has failed to notify proposed class members of the data breach, leaving the consumers to discover the intrusion on their own only after “it was too late and unknown persons had already stolen their hard-earned paychecks.”
“Due to Defendant’s negligence, cybercriminals obtained everything they need to commit identity theft and continue wreaking havoc on the financial and personal lives of thousands of individuals,” the filing states, noting that Paycom data breach victims will likely have to deal with the threat of identity theft and fraud for the rest of their lives.
To date, the root cause of the Paycom data breach, the vulnerabilities exploited and the measures potentially taken to ensure another cyberattack does not happen in the future have not been shared with the public or regulators, the case says.
Each of the suit’s three plaintiffs claims to have had more than $1,300 stolen after the hackers accessed their account and changed their direct deposit information.
The lawsuit looks to cover all persons whose Paycom accounts were accessed by unauthorized parties between April 2023 and the present.