MYOB has apologised to customers for a data leak that saw individuals' payment summaries sent to the wrong people, and for long EOFY call centre queues.
Payment summaries - aka payslips - can include plenty of personal information of the sort that fraudsters prize, making this a very bad look indeed for MYOB.
In a statement issued late on Thursday the online accounting-ware vendor said “On 28 June we discovered a small number of people received incorrect payment summaries sent between 1 June and midday 28 June 2019. Our investigation has since revealed 220 individual payment summaries went to the incorrect person.”
“We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors,” the statement added. “A small handful were detected and stopped, while all other payment summary emails have since been released in batches with the final emails to be sent by close of business today.”
Which isn’t good.
Compounding matters, the company said it’s also experienced “a small number of system issues on AccountRight Live impacting general performance during this End of Financial Year period, some of which have been beyond our control. This has included backing up files and sending emails.”
“Beyond our control” sounds an awful lot like problems at MYOB’s suppliers, one of which is known to be AWS.
MYOB’s statement said it’s kept customers up to speed with the situation, contacting them and explaining how to protect their identities and offering advice on how to “safely and correctly dispose of the misdirected payment summary emails.”
It’s also tweaked its code to make sure this error doesn’t happen again and is “working closely with the ATO and Office of the Australian Information Commissioner to ensure that all appropriate steps are taken.”
“We are sincerely sorry for the situation,” the statement says, “as well as the frustrations experienced by all our AccountRight Live customers caused by the delay in sending the payment summary emails. We apologise for the inconvenience caused as we know it is a busy time of year for businesses, however we could not take the risk with such sensitive, personal information.”
It’s also apologised for slow response from its call centres, which it says “have experienced a significant uplift in calls from customers due to the introduction of Single Touch Payroll.” MYOB doubled staff to handle that expected surge, but has still seen waiting times blow out to almost half an hour. Making matters worse, the high volume of meant its callback system decided a timely response was not likely and stopped offering to make return calls to customers.