Phishing Attack against BenefitMall responsible for PII Release
Who: BenefitMall When: January 7, 2019
# of Records: 111,000
What was affected: Data Breach of Benefit Mall a U.S. provider of payroll, HR, and employer services
How it happened: An email phishing attack compromised employee login credentials. Emails may have included customer names, addresses, Social Security numbers, dates of birth, bank account numbers, and information on the payment of insurance premiums.
Outcome: Benefit Mall has since reviewed its email security controls to better protect against phishing attacks, along with two-factor authentication. Employees have also received further training around phishing awareness, which will be repeated on an ongoing basis.