Data Stolen from Employees of Marshall Medical Center

Marshall Medical Center Data Breach

Posted on behalf of Arnold Law Firm on May 06, 2020

NOTICE: If you are a current or past employee of Marshall Medical Center, and you have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.

data breach sticker on back of serverMarshall Medical Center (MMC) in El Dorado County, California, uses outside vendor PaperlessPay Corp. to produce electronic paystubs and W-2 forms for its employees.

On February 19, 2020, the Department of Homeland Security (DHS) alerted PaperlessPay Corp. that their clients’ employee data was for sale on the dark web. PaperlessPay Corp. confirmed that an unauthorized party gained access to their SQL service on February 18, 2020.

On March 20, 2020, PaperlessPay Corp. notified MMC about the cyberattack. MMC disclosed the data breach to their current and past employees, stating that potentially compromised information is associated with paycheck stubs and tax forms, and may include:

  • full names
  • addresses
  • pay and withholdings information
  • Social Security numbers

As a result of the security incident, MMC will not be sending any more employee information to PaperlessPay going forward and is going back to producing paper paystubs until an alternate vendor is established. MMC is offering credit monitoring and identity theft protection services and is urging their employees to take precautionary measures, such as changing account passwords and setting up fraud alerts with credit reporting agencies.

Marshall Medical Center has more than 1,600 employees at several facilities throughout El Dorado County, including in Placerville, Cameron Park, and El Dorado Hills. The nonprofit healthcare provider was founded in 1959.

PaperlessPay Corp., claims to have hosted 8 million paystubs and delivered over 106 million W-2 forms. The company provides electronic paystubs under the product names my-eStub.com and PPCStubs.com for the staff of hospitals, utility providers, and other employers. It is unknown how many of PaperlessPay Corp.’s 1500 clients or how many of the company’s 2.3 million enrolled users were affected by the security incident.

PaperlessPay Corp. was founded in 2007 and is based in Jacksonville, Florida. The company’s estimated annual revenues are $7 million. The company has not yet posted a public statement about the security incident or issued a formal notice to affected individuals.

If you are a current or past employee of Marshall Medical Center, and you have received a NOTICE OF DATA BREACH regarding this incident, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.