The American Payroll Association (APA) has issued a data breach notification after being hit by a skimming attack.
Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association's online store by exploiting a vulnerability in the APA’s content management system.
The data security incident was discovered "on or around July 13, 2020." An investigation by the APA's IT team uncovered unusual activity on the APA site dating back to May 13, 2020.
As a result of the attack, unauthorized individuals gained access to login credentials, personal information, including names and dates of birth, and individual payment card information.