Payroll-related cyberattack led to breach of Mass. state workers’ information, comptroller says

An investigation is underway after a payroll-related cyberattack led to “unauthorized access” to online payroll accounts and direct deposit information of some state workers, Massachusetts Comptroller William McNamara announced Wednesday night.

The Commonwealth is investigating the breach as an apparent “credential harvesting campaign” involving the state’s HR/CMS Employee Self-Service Time and Attendance system, according to McNamara.

A credential harvesting campaign is a cyberattack technique that involves stealing personal or financial data from users.

McNamara said a fake website was created to resemble the SSTA portal and that employees used this website, believing it to be the correct website.

An unspecified number of state employees entered their SSTA username and password, allowing for access to their user account and direct deposit information, according to McNamara.

“There is no evidence indicating any compromise of the full system. The compromised accounts are the result of user error entering their credentials into a spoofed website,” the comptroller’s office stated in an online post.

All potentially impacted employees have been contacted, according to the state. Payroll will not be affected and will still go out this week.

The comptroller’s office shared a link where workers can confirm their direct deposit information remains accurate.

Download the FREE Boston 25 News app for breaking news alerts.

Follow Boston 25 News on Facebook and Twitter . | Watch Boston 25 News NOW