The payroll records of at least a dozen companies were exposed to the Internet by a flaw in the online W-2 service of PayMaxx, the accounting firm has acknowledged.
The flaw, uncovered by a Web application programmer this week, affected a limited number of customers, PayMaxx said Thursday in a statement sent to CNET News.com. PayMaxx closed the site Wednesday, after the researcher claimed that two security holes had exposed data on more than 25,000 people. Only six attempts to access unauthorized data were made in the week before the company shuttered the site, Tennessee-based PayMaxx said. The company said no other attempts had been made to exploit the vulnerability.
"Based on our initial analysis, the potential exposure is limited to a small number of companies and W-2 forms," PayMaxx said. "We have no evidence to substantiate that any other access has occurred."
The site remained offline on Friday.
Other companies have recently acknowledged that they may have inadvertently left consumer information unprotected. Last week, data-collection company ChoicePoint said information on approximately 150,000 subscribers was given to about 50 fake business fronts created by fraudsters. On Friday, Bank of America announced that lost backup tapes may have left as many as 1.2 million records unprotected.
A description of the PayMaxx problem posted on Think Computer's Web site by Aaron Greenspan, president of the software start-up and the researcher who uncovered the flaw, said the security issues could let anyone view the W-2 forms generated for employees of PayMaxx's clients for the last five years. PayMaxx, however, disputed the report and accused Greenspan of withholding information that could have allowed it to act more quickly.
"Due to the lack of specificity provided by Mr. Greenspan in his obvious sales pitch, PayMaxx did not view his communications as credible," the company said in its statement. "Consequently, we declined his offer to hire his services."
Greenspan said PayMaxx is downplaying the problems.
"Think (Computer's) personnel made far more than six attempts to test the vulnerability...indicating that PayMaxx may be either hiding or missing crucial evidence of past break-ins," Greenspan said in an e-mail interview with CNET News.com.
PayMaxx plans to notify every company affected by the flaw, the company told CNET News.com.
Somebody please send PayMaxx and ChoicePoint senior executives a copy of this book ASAP.
http://www.everett.org/work.shtml Internet Privacy for Dummies
"...As the creator of the Chief Privacy Officer position, a role that is rapidly becoming common in many major corporations (including Microsoft, IBM, AT&T, Bank of America, Verizon, and American Express), Ray is an acknowledged expert in corporate and e-commerce privacy-related risk management and strategy."