
The Massachusetts Office of the Comptroller has temporarily shut down its payroll system following a credential harvesting attack that compromised employee information. The breach occurred between October 1 and October 8, 2024. It involved a fake version of the agency’s Human Resources and/or Self-Service Time and Attendance (SSTA) system, which was used to trick employees into revealing their login credentials.
The Office of the Comptroller, which oversees the state’s financial and payroll systems, was targeted by cybercriminals seeking access to valuable economic data. The office's responsibilities include monitoring tax expenditures, ensuring the accuracy of financial records, and handling payroll for state employees.
Around 100 employees fell victim to the fraudulent site, entering their credentials, including direct deposit information used for electronic fund transfers such as salaries. While the breach did not appear to compromise the entire financial system of Massachusetts, the consequences for the affected employees could be severe. These individuals are at risk of financial fraud, as their credentials may be used to impersonate them or gain access to other government systems linked to their accounts.
The breach raises concerns over broader implications, as the compromised information could allow the perpetrators to access systems containing additional confidential data. However, the Office of the Comptroller has no evidence to suggest that the entire payroll or financial system was compromised.
In response to the incident, the office temporarily shut down the payroll system to prevent further exposure and protect employee data. This move reflects the agency’s commitment to safeguarding sensitive information while addressing the breach. The situation remains under investigation as the office works to mitigate any potential fallout from the attack.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543