PaperlessPay Corp. Data Breach

NOTICE: If your employer uses the services of e-payroll vendor PaperlessPay Corp., and you have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.

red-cyber-securityOn February 19, 2020, the Department of Homeland Security (DHS) alerted PaperlessPay Corp. that their clients’ employee data was for sale on the dark web. PaperlessPay Corp. confirmed that an unauthorized party gained access to their SQL service on February 18, 2020.

PaperlessPay Corp. then notified its clients about the cyberattack. The company provides electronic paystubs under the product names and for the staff of hospitals, utility providers, and other employers. It is unknown how many of PaperlessPay Corp.’s 1500 clients were affected by the security incident.

So far, the following PaperlessPay Corp. clients have disclosed the data breach to their current and past employees:

  • Marshall Medical Center – hospital system in El Dorado County, California
  • Community Memorial Health System – hospital system in Ventura County, California
  • Orlando Utilities Commission – water & electric public utility provider in Orlando, Florida
  • Fareway Stores – Midwest grocery store company based in Boone, Iowa
  • Lee Auto Malls – automotive dealer in Maine
  • MP Environmental Services, Inc. – transportation, demolition and remediation company based in Bakersfield, California

Potentially compromised information is associated with paycheck stubs, W-2 forms, and payroll deposits, and may include:

  • Full names
  • Addresses
  • Bank account numbers
  • Social Security numbers
  • Pay and withholdings information

These employers are offering credit monitoring and identity theft protection services and are urging their employees to take precautionary measures, such as changing account passwords and temporarily freezing credit reports.

PaperlessPay Corp. claims to have hosted 8 million paystubs and delivered over 106 million W-2 forms. It is unknown how many of the company’s 2.3 million enrolled users may be affected by this data breach.

PaperlessPay Corp. was founded in 2007 and is based in Jacksonville, Florida. The company’s estimated annual revenues are $7 million. The company has not yet posted a public statement about the security incident or issued a formal notice to affected individuals.

If your employer uses the services of e-payroll vendor PaperlessPay Corp., and you have received a NOTICE OF DATA BREACH regarding this incident, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.