Frank O’Laughlin reports:
An investigation is underway after a payroll-related cyberattack led to “unauthorized access” to online payroll accounts and direct deposit information of some state workers, Massachusetts Comptroller William McNamara announced Wednesday night.
The Commonwealth is investigating the breach as an apparent “credential harvesting campaign” involving the state’s HR/CMS Employee Self-Service Time and Attendance system, according to McNamara.
A credential harvesting campaign is a cyberattack technique that involves stealing personal or financial data from users.
McNamara said a fake website was created to resemble the SSTA portal and that employees used this website, believing it to be the correct website.
Read more at Boston25.