MyPayrollHR, a now-defunct cloud-based payroll company based in New York, suddenly ceased operations last week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance by the payroll company's CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million in payroll and tax payments in legal limbo.
Unlike many stories here about cloud service providers being hit by hackers seeking a payday, this snafu seems to have been something of an inside job. Nevertheless, this is a story worth telling, in part because much of the media coverage of this incident has been somewhat disjointed so far, but also because it should serve as a warning to other payroll providers about how quickly and massively things can go wrong when a trusted partner unexpectedly turns out to be a cheat.
Clifton Park, NY-based MyPayrollHR
This announcement came after employees at companies that depend on MyPayrollHR to receive direct deposits of their biweekly paychecks found that their bank accounts were instead debited for the amounts they would normally expect to be credited in a given pay period.
To make matters worse, many of these employees found that their accounts were debited for two pay periods – a month's pay – leaving their bank accounts dangerously in the red.
The rest of this post is a deep dive into what we know so far about what happened and how such an event can be prevented in the future for other payroll companies.
A $26 MILLION TEXT FILE
To understand what is at stake here, a basic primer is needed on how most of us get paid, which is a surprisingly convoluted process. In a typical scenario, our employer works with at least one third-party company to make sure that every Friday what we are owed is credited to our bank account.
The company that handled this process for MyPayrollHR is a California company called Cachet Financial Services. Every other week for more than 12 years, MyPayrollHR has sent a file to Cachet telling it which employee accounts at which banks should be credited, and by how much.
According to an interview with Cachet, the way the process worked was something like this: MyPayrollHR would send a digital file documenting deposits made by each of these clients, laying out the amounts owed to each client's employees. Those funds would then be deposited by MyPayrollHR's customers into a settlement account maintained by Cachet.
From there, Cachet would take those amounts and pay them into the bank accounts of people whose employers used MyPayrollHR to manage their biweekly payroll.
But according to Cachet, something odd happened with the MyPayrollHR instruction file submitted on the afternoon of Wednesday, September 4, that had never happened before: MyPayrollHR requested that all of its clients' payroll funds be sent not to Cachet's settlement account, but instead to an account at Pioneer Savings Bank that was managed and controlled by MyPayrollHR.
The total amount of this payroll deposit was approximately $26 million. Wendy Slavkin, Cachet's general counsel, told KrebsOnSecurity that her client then asked Pioneer Savings about the deposit and was informed that MyPayrollHR's bank account had been frozen. financial institutions for their various clients to withdraw $26 million from Cachet's settlement account – although no regular deposits from MyPayrollHR's customer banks have been made.
REVERSING THE REVERSAL
In response, Cachet submitted a request to cancel this transaction. But according to Slavkin, this initial cancellation request was formatted incorrectly, so Cachet shortly afterward submitted a properly coded request.
Financial institutions are supposed to ignore or reject payment instructions that do not match the exact formatting required by the National Automated Clearinghouse Association (NACHA), a non-profit organization that provides the basis for the electronic movement of money in the United States. But Slavkin said a number of financial institutions ended up processing both cancellation requests, which meant that quite a few employees at companies using MyPayrollHR suddenly saw a month's worth of paychecks withdrawn from their bank accounts.
Dan L'Abbe, CEO of San Francisco-based consulting firm Granite Solutions Groupe, said the mix-up was seriously disruptive for the firm's 250 employees.
"It caused a lot of chaos for the employers, but it was the employees who were really affected. All of this is very unusual because we don't even have the ability to collect money from our employees' accounts."
Slavkin said Cachet managed to reach the CEO of MyPayrollHR – Michael T. Mann – by phone on the evening of September 4, and Mann said he would call back in a few minutes. According to Slavkin, Mann never returned the call. Not long after, MyPayrollHR told customers that it was shutting down and that they would have to find someone else to handle their payroll.
In short, many people affected by one or both payroll reversals took to Twitter and Facebook to vent their anger and bewilderment at Cachet and MyPayrollHR. But Slavkin said that in the end, Cachet decided to cancel the previous payment reversals, leaving Cachet on the hook for $26 million.
"What we have done so far is reach out to 100+ host banks to force them to reject both changes," Slavkin said. "So most – if not all – of those affected will receive all their money in the next day or two."
Cachet has since been in contact with the FBI and federal prosecutors in New York, and Slavkin said both are now investigating MyPayrollHR and its CEO. On Monday, New York Governor Andrew Cuomo called on the state's Department of Financial Services to investigate the "sudden and alarming shutdown of the company."
The $26 million hit against Cachet was not the only fraud apparently committed by MyPayrollHR and/or its parent company: According to Slavkin, the now-defunct New York company also left National Payment Corporation (NatPay), a Florida-based company that processes tax deductions for MyPayrollHR customers, out more than $9 million.
In a statement provided to KrebsOnSecurity, NatPay said it learned late last week that the bank accounts of MyPayrollHR and one of its related companies had been frozen, and that the notification came after payment files were processed.
"NatPay was informed that MyPayrollHR and Cloud Payroll could be victims of fraud committed by their holding company ValueWise, whose CEO and owner is Michael Mann," NatPay said. "NatPay immediately takes steps to manage the tidy refund process [and] there is more than enough insurance to cover action for trial or fraud."
Requests for comment from various executives at both MyPayrollHR and its parent company ValueWise Corp. went unanswered, and the latter's website is now offline. Several MyPayrollHR employees reached through LinkedIn said none of them had seen or heard from Mr. Mann in days.
Meanwhile, Granite Solutions Groupe CEO L'Abbe said some of his employees saw their bank accounts being credited back with money that was
"That varies greatly," said L'Abbe. "Every bank handles it differently, and everyone's relationship with it is different. Others have absolutely no money at the moment and have time to bank with their bank, believing that all this is the result of fraud. Things are starting to settle now, but many employees are still in limbo with their bank."
For its part, Cachet Financial says it will look for solutions to better identify when and if customer instructions for funding its settlement accounts suddenly change.
"Our system is excellent for protection against external hackers," said Slavkin. "But when it comes to something like this, it takes everyone by surprise."
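One way to implement the kind of check Cachet describes, as an added example that is not from the original article or from Cachet's systems: hold any payroll batch whose funding destination differs from the processor's settlement account or from the originator's history, or whose employee credits have not actually been funded. The batch fields, account labels, dates and amounts are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed placeholders: these labels and amounts are not real identifiers.
PROCESSOR_SETTLEMENT = "PROCESSOR-SETTLEMENT-001"

@dataclass(frozen=True)
class Batch:
    originator: str    # payroll company that submitted the instruction file
    batch_date: str    # submission date (ISO format)
    funding_dest: str  # account the client funds are directed to
    total_cents: int   # sum of employee credits requested in the file

# Constructed history: every earlier file funds the processor's own account.
HISTORY = [
    Batch("payroll-co-a", "2024-01-10", PROCESSOR_SETTLEMENT, 2_450_000_00),
    Batch("payroll-co-a", "2024-01-24", PROCESSOR_SETTLEMENT, 2_510_000_00),
    Batch("payroll-co-a", "2024-02-07", PROCESSOR_SETTLEMENT, 2_480_000_00),
]

def review_batch(batch, history, funds_received_cents):
    """Return the reasons to hold a batch; an empty list means release."""
    reasons = []
    prior = [b for b in history if b.originator == batch.originator]
    seen_dests = {b.funding_dest for b in prior}

    # Control 1: client funds must land in the processor's settlement account.
    if batch.funding_dest != PROCESSOR_SETTLEMENT:
        reasons.append("funding directed away from processor settlement account")
    # Control 2: a destination this originator has never used is a sudden change.
    if prior and batch.funding_dest not in seen_dests:
        reasons.append("funding destination not seen in originator history")
    # Control 3: do not pay out employee credits that have not been funded.
    if funds_received_cents < batch.total_cents:
        reasons.append("employee credits exceed funds received")
    return reasons

def decide(batch, history, funds_received_cents):
    """HOLD for manual review on any finding, otherwise RELEASE."""
    return "HOLD" if review_batch(batch, history, funds_received_cents) else "RELEASE"

if __name__ == "__main__":
    routine = Batch("payroll-co-a", "2024-02-21", PROCESSOR_SETTLEMENT, 2_500_000_00)
    changed = Batch("payroll-co-a", "2024-03-06", "ORIGINATOR-OWNED-ACCT", 2_500_000_00)
    print(decide(routine, HISTORY, funds_received_cents=2_500_000_00))
    for reason in review_batch(changed, HISTORY, funds_received_cents=0):
        print("HOLD:", reason)
```

The third control matters independently of the first two: it blocks payout even when the destination looks routine but the client funds never arrived.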