Cybersecurity

Cyberattack targeted Mass. state employee payroll system, officials say

An unspecified number of employees used the spoofed version of the payroll site, "allowing for unauthorized access to their user account and direct deposit information," the state comptroller's office said

Key_Biscayne_Paying_to_Get_Info_Back_After_Data_Breach

Officials in Massachusetts are investigating an apparent cyberattack that led to "unauthorized access" to some state employees' online payroll account and direct deposit information.

Comptroller William McNamara's office said someone created a fake website resembling the"Self-Service Time and Attendance," or SSTA portal for Massachusetts workers.

WATCH ANYTIME FOR FREE

icon

>Stream NBC10 Boston news for free, 24/7, wherever you are.

An unspecified number of employees used the spoofed version of the site, "allowing for unauthorized access to their user account and direct deposit information," McNamara's office said.

"There is no evidence indicating any compromise of the full system. The compromised accounts are the result of user error entering their credentials into a spoofed website," the comptroller's office wrote in a post Wednesday evening explaining the situation. "Please note that all potentially impacted employees have been contacted."

Michael Sangalang, a spokesperson for the comptroller's office, said Thursday morning it's not clear how many employees were affected.

"Many of the recent direct deposit changes were in fact legitimate requests; we are still working to determine how many were legitimate and how many were unauthorized," Sangalang said.

Employees known to be affected by the breach will receive a paper check, not direct deposit, for the current pay cycle, which will continue on time. Some workers who made a change to their direct deposit information between Oct. 1 and Oct. 8 will receive a paper check "out of an abundance of caution," McNamara's office said.

Local

In-depth news coverage of the Greater Boston Area.

1 person stabbed in Brighton

Judge grants Karen Read prosecutors' request for interview documents

Workers can confirm their direct deposit information remains accurate in the HR/CMS portal. Anyone who receives notice of unauthorized information change should contact their payroll department, or the MassHR Employee Service Center at (617) 979-8500 or MassHREmployeeServiceCenter@mass.gov.

Copyright State House News Service
Contact Us