computer screen with code

Payroll Security Breaches

We’ve created a list of recorded payroll specific security breaches to enable companies and public bodies understand the kind of payroll vulnerabilities they should be looking out for.


UK-based Parasol was hit by cyber thieves in January 2022, the third freelancer umbrella company to come under attack since September 2021.  The cyber criminals stole personal data from thousands of contractors, including names, addresses, payment invoices, bank details, and national insurance numbers.

Brookson Group

In January 2022, the Brookson Group, a UK-based financial services company that handles accountancy, tax, and payroll services, was knocked offline by a cyber attack followed by a ransomware attack. The company prevented client data from being stolen but could not avoid delays in payments to independent contractors.


In December 2021, a massive ransomware attack on Kronos, one of the largest payroll and workforce management companies in the US, disrupted payroll and time keeping for hundreds of thousands of people, including employees of Whole Foods, GameStop, and Honda in the US and retail giants such as Sainsbury in the UK. The breach targeted the Kronos Private Cloud, which hosts some of the world’s most popular workforce management software, including UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions.

It was later revealed that the attackers entered the system and stole corporate data before executing the ransomware attack. They used the stolen data to obtain the private data at other companies, including Puma – an attack that wasn’t discovered until January 2022.

Frontier Software

In November 2021 Frontier Software, a payroll and talent management software, was the victim of a ransomware attack. It was found that the data from 38,000 to 80,000 South Australian government employees was compromised. Date of birth, employee start date, and other payroll data was exposed.

Giant Pay

Popular freelancer umbrella company Giant Pay was hit by a cyber attack in September 2021, knocking the company offline and delaying payments to thousands of contractors that use the company for its payment services.


Back in January 2021, Arup, a UK-based engineering firm that employees 6,00 employee’s third-party payroll provider was a victim of a ransomware attack.  Arup was only informed in March of 2021.  In April 2021, the full details of the attack were published.  Data stolen included employee names, bank details, and home addresses.


In May 2020, Interserve, a contractor for Britain’s Ministry of Defense, was hacked. The hackers managed to gain access to up to 100,000 past and current employee details, including names, addresses, bank details, HR records, payroll, and pension information.


In 2016, payroll provider ADP was targeted by identity thieves who were able to steal payroll data as well as W-2 forms by registering employee names to gain access to a portal containing sensitive data. An undisclosed number of people were affected.


Between June and October 2018, Centerstone Insurance and Financial Services, operating under the name BenefitMall, a payroll and benefits provider, fell victim to a phishing attack which exposed over 111,000 individuals’ private data to hackers.  Information that was hacked included names, social security numbers, bank account details, date of birth, and addresses.

2 pamphlets


Between November 2018 and January 2019, KPMG Mexico, a payroll service provider exposed payroll data for 41 of their clients due to their information being stored in an insecure database.  The data became available online and accessible without any security checks or password protections.  Leaked data included federal taxpayer registry codes, social security numbers, bank account details, and salary information.

City of Tallahassee

In April 2019, nearly $500,000 was diverted from the City of Tallahassee’s payroll after a cyberattack that resulted in employees realizing they were not paid their monthly salaries. The hackers managed to infiltrate the state’s payroll provider and redirect employee payments to a foreign bank account.


Back in November 2019, a car was broken into and payroll data from 29,000 current and former Facebook employees was stolen from a hard drive.  Personal data including name, bank account details, and the last 4 digits of the employees’ social security number were taken.

Meadville Medical Center

In January 2020, the Meadville Medical Center in Pennsylvania had a security breach with their payroll system which resulted in unauthorized exposure of employee personal data and their dependents’ personal information.

With payroll seen more and more as an operational security weak point its vital to keep your workforce data secure from cyber criminals.

Papaya’s automated, cloud-based SaaS platform is ISO/27001 certified and SOC compliant, and includes Papaya Personal, a special portal for employees, workers, and contractors. All data is encrypted and is transferred through secure cloud-based channels, not email.

Phoenix Pay System

In February 2020 more than 69,000 Canadian federal employees became victims of a privacy breach after their personal information was emailed to the wrong people.

To fix problem of over payments by the federal government’s payroll system  – Phoenix Pay – the Public Services and Procurement Canada sent departmental heads of human resources and chief financial officers reports every two weeks listing employee over payments. A report naming 69,087 public servants including their personal and banking details was accidentally emailed to the wrong federal departments.