MYOB data leak sprayed payments info to wrong workers


MYOB has apologised to customers for a data leak that saw individuals' payment summaries sent to the wrong people, and for long EOFY call centre queues.

Payment summaries - aka payslips - can include plenty of personal information of the sort that fraudsters prize, making this a very bad look indeed for MYOB.

In a statement issued late on Thursday the online accounting-ware vendor said “On 28 June we discovered a small number of people received incorrect payment summaries sent between 1 June and midday 28 June 2019. Our investigation has since revealed 220 individual payment summaries went to the incorrect person.”

“We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors,” the statement added. “A small handful were detected and stopped, while all other payment summary emails have since been released in batches with the final emails to be sent by close of business today.”

Which isn’t good.

Compounding matters, the company said it’s also experienced “a small number of system issues on AccountRight Live impacting general performance during this End of Financial Year period, some of which have been beyond our control. This has included backing up files and sending emails.”

“Beyond our control” sounds an awful lot like problems at MYOB’s suppliers, one of which is known to be AWS.

MYOB’s statement said it’s kept customers up to speed with the situation, contacting them and explaining how to protect their identities and offering advice on how to “safely and correctly dispose of the misdirected payment summary emails.”

It’s also tweaked its code to make sure this error doesn’t happen again and is “working closely with the ATO and Office of the Australian Information Commissioner to ensure that all appropriate steps are taken.”

“We are sincerely sorry for the situation,” the statement says, “as well as the frustrations experienced by all our AccountRight Live customers caused by the delay in sending the payment summary emails. We apologise for the inconvenience caused as we know it is a busy time of year for businesses, however we could not take the risk with such sensitive, personal information.”

It’s also apologised for slow response from its call centres, which it says “have experienced a significant uplift in calls from customers due to the introduction of Single Touch Payroll.” MYOB doubled staff to handle that expected surge, but has still seen waiting times blow out to almost half an hour. Making matters worse, the high volume of calls meant its callback system decided a timely response was not likely and stopped offering to make return calls to customers.

Copyright © CRN Australia. All rights reserved.