
The Office of the Comptroller in Massachusetts has temporarily shut down its payroll system after employees were lured into revealing their credentials to threat actors.
The agency, responsible for overseeing financial and payroll systems throughout Massachusetts, had suffered a credential harvesting attack.
The Massachusetts Office of the Comptroller takes on the state's financial responsibility, monitoring and tracking where taxes are being spent, ensuring the accuracy of financial records, enforcing governmental spending laws and budgets, and handling payroll for state employees.
Presumably to get at this trove of financial information, the attackers set up a look-alike copy of the agency's HR and/or employee Self-Service Time and Attendance (SSTA) login system and used it to harvest employees' credentials.
Roughly 100 employees logged into the fake site between October 1 and October 8, 2024.
This gave the attackers the affected employees' credentials and direct deposit information. Direct deposit is the electronic transfer of funds such as salaries, with no physical cheque involved.
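The attack described above works because the cloned portal receives a normal-looking login form submission. One check a defender can run after the fact is to scan web-proxy logs for credential-form POSTs to any host other than the real portal, and to score how closely each such host imitates the legitimate one. The following is an added example, not code from the article or from the Comptroller's office; the portal hostname `ssta.example.gov`, the log line format and the sample log lines are all constructed for illustration.

```python
"""Flag credential submissions sent to hosts other than the legitimate portal.

Assumed proxy log format (constructed for this example, one request per line):
    <timestamp> <user> <method> <url> <status> <comma-separated form field names or '-'>
"""
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Hypothetical hostname of the real self-service portal; the article does not give it.
LEGIT_PORTAL_HOSTS = {"ssta.example.gov"}

# Form field names that indicate a login form was submitted.
CRED_FIELDS = {"password", "passwd", "pwd", "userid", "username", "user"}

# Constructed sample log lines: one real login, two logins to look-alike hosts,
# a static asset fetch and an unrelated search POST.
SAMPLE_LOGS = """\
2024-10-02T08:14:03Z jdoe   POST https://ssta.example.gov/login              302 username,password
2024-10-03T09:02:11Z asmith POST https://ssta-example-gov.com/login          200 username,password
2024-10-03T09:05:40Z asmith GET  https://ssta-example-gov.com/assets/logo.png 200 -
2024-10-04T12:30:00Z bkim   POST https://secure-ssta-timesheet.net/auth      200 userid,pwd
2024-10-05T16:45:22Z clee   POST https://intranet.example.gov/search         200 q
"""


def parse_line(line):
    """Split one log line into its fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, user, method, url, status, fields = parts
    form_fields = set() if fields == "-" else {f.lower() for f in fields.split(",")}
    return {"ts": ts, "user": user, "method": method.upper(), "url": url,
            "status": int(status), "fields": form_fields}


def lookalike_score(host, legit_hosts=LEGIT_PORTAL_HOSTS):
    """Return the highest string similarity (0..1) between host and any legitimate host."""
    return max(SequenceMatcher(None, host, legit).ratio() for legit in legit_hosts)


def find_credential_submissions(log_text, legit_hosts=LEGIT_PORTAL_HOSTS):
    """Return every POST carrying login-form fields whose host is not an allowed portal.

    Any such request is suspicious regardless of similarity score; the score is
    extra context for triage (a high score suggests a deliberate look-alike domain).
    """
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] != "POST":
            continue
        if not rec["fields"] & CRED_FIELDS:
            continue  # not a login form submission
        host = urlsplit(rec["url"]).hostname
        if host is None or host in legit_hosts:
            continue  # submission went to the real portal
        hits.append({"ts": rec["ts"], "user": rec["user"], "host": host,
                     "lookalike_score": round(lookalike_score(host, legit_hosts), 2)})
    return hits


def affected_users(hits):
    """Sorted, de-duplicated list of users whose credentials must be reset."""
    return sorted({h["user"] for h in hits})


if __name__ == "__main__":
    findings = find_credential_submissions(SAMPLE_LOGS)
    for h in findings:
        print(f"{h['ts']} {h['user']:8} -> {h['host']:28} lookalike={h['lookalike_score']}")
    print("credential reset needed for:", ", ".join(affected_users(findings)))
```

In a real deployment the allow-list would hold the portal's actual hostname(s) and the log format would be whatever the proxy or SSO gateway emits; the point is the rule itself: a login-form POST to any host outside the allow-list is an incident, and the similarity score only helps decide how much the domain was built to deceive.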
While the stolen credentials alone do not appear to have given the attackers access to the state's wider financial systems, harvested logins can be abused in several ways.
The roughly 100 employees caught by the fake site are exposed to financial fraud (their direct deposit details were among the data captured) and even impersonation.
If SSTA logins are tied to employees' work email accounts, the same credentials could be used to impersonate those employees and commit fraud in their name.
Furthermore, with email addresses and SSTA passwords in hand, the attackers could try those credentials against other systems linked to the agency, especially where passwords are reused, in an attempt to exfiltrate more confidential information.
However, the office said that there is no evidence that the full system was compromised.
The comptroller’s office said they shut down the payroll system temporarily in order to protect employee information.