The American Payroll Association (APA) disclosed a data breach after attackers planted a web skimmer on the APA’s website login and checkout pages and then accessed the personal information of members and customers. APA’s IT team uncovered unusual activity on the site dating back to May 13, 2020 at approximately 7:30 pm CT.
Client-side data breaches are a major risk to organizations in the era of stronger data privacy regulations such as CCPA. This attack on the American Payroll Association’s websites affected not only the payment page but also the login page, resulting in theft of usernames and passwords. The APA is an attractive target for Magecart attackers since their members have access to tools and systems that contain payroll data for millions of individuals. The attackers can brute force other payroll systems using the same stolen credentials to find other account takeover targets.
Digital skimming and Magecart attacks take advantage of Shadow Code in websites introduced via third-party scripts, open source libraries or third-party plugins for content management systems. This Shadow Code, introduced without formal approvals or security validation, can expose websites to client-side attacks leading to data breaches and compliance violations.
Businesses must take steps to manage the Shadow Code risks by applying timely security patches and upgrading vulnerable open source libraries and third-party plugins. In addition, client-side application security solutions can provide full runtime visibility and control over all scripts and prevent client-side data breaches. Consumers must ensure that they use unique passwords and multi-factor authentication for different websites to minimize the risk of account takeover (ATO) attacks, and must continue to monitor their credit reports for signs of identity fraud.