Paytime Payroll

June 26, 2015Dear [redacted] ***:We represent Paytime Incin regards to a data security event that occurred in April 2014.Please accept this as a response to your correspondence of June 16, 2015, regarding a complaint filed with the Revdex.com by [redacted] We are pleased to report that Paytime reached out to [redacted] and resolved his complaintPlease see the following for additional detail regarding this incident and its resolution.Incident Paytime is a payroll services providerOn April 30, 2014, Paytime learned that unauthorized individuals had accessed usernames and passwords associated with its system, specifically, its Client Service CenterPaytime shut down the Client Service Center to prevent further access to client information and employee personal informationPaytime promptly launched an investigation and retained outside forensic experts to determine whether employee information may have been accessed by the intrudersPaytime’s forensic experts determined that for Paytime’s affected employer clients, their employees’ names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses may have been accessed by the intrudersThe experts additionally determined that the names, Social Security numbers and dates of birth for some of the affected employees dependents and beneficiaries may have been accessed.On May 12, 2014, Paytime began notifying affected employer clients that their employees’ personal information was accessed by intrudersPaytime requested that each affected employer permit Paytime to notify affected employees on the employer’s behalfPaytime began providing affected employees with written notice of this incident on May 21, 2014.Paytime takes this matter, and the security of the personal information in its care, seriously, and has taken measures to prevent this type of exposure from occurring againThese measures include an analysis of their systems and processes and implementing additional measures to secure personal informationPaytime has also taken steps to improve the existing security of their systems, including increased monitoring capabilities and use of additional software toolsIn addition to providing written notice of this incident to affected individuals as described above, each affected individual is being offered access to one free year of credit monitoring and identity restoration services provided through AllClear IDPaytime is providing each individual with information on how to protect against identity theft and fraudPaytime is also working with federal law enforcement to identify the intruder(s)Further, Paytime is providing written notice of this incident to the Pennsylvania Department of Revenue, its own bank, various banks used by its clients, other state regulators and consumer reporting agencies where required.Response to Keefer Complaint [redacted] originally contacted a Paytime representative at some point between May and November of On November 17, 2014, he contacted Paytime and requested another copy of the notice letters sent to him and his wifeHe was provided a copy of these notices at that timeHe also requested reimbursement for costs incurred to order new checks for his personal checking accountThe Paytime representative told [redacted] that Paytime would send along the request to its management, but that Paytime had no plans at this time to reimburse individuals for these types of costsIn February 2015, [redacted] made this request againThe Paytime representative explained to him that Paytime was offering a year of free credit monitoring but was not reimbursing individualsIn May of 2015, [redacted] called and emailed various representatives at Paytime.After receiving the Revdex.com complaint, we reached out to [redacted] on behalf of Paytime to offer an additional year of credit monitoring through [redacted] [redacted] declined this offerAlthough Paytime is not reimbursing individuals for claimed expenses as a result of the hacking incident, as a good faith effort to find a solution, Paytime offered to resolve the issue with [redacted] in exchange for an executed release [redacted] has agreed to this resolution.Thank you for the opportunity to provide you with additional detail regarding the complaint and resolution of the issueShould you have any additional questions or require additional details, please do not hesitate to contact me directly.Very Truly Yours,

June 26, 2015 Dear [redacted] ***:We represent Paytime Inc. in regards to a data security event that occurred in April 2014.Please accept this as a response to your correspondence of... June 16, 2015, regarding a complaint filed with the RevDex.com by [redacted] . We are pleased to report that Paytime reached out to [redacted] and resolved his complaint. Please see the following for additional detail regarding this incident and its resolution.Incident Paytime is a payroll services provider. On April 30, 2014, Paytime learned that unauthorized individuals had accessed usernames and passwords associated with its system, specifically, its Client Service Center. Paytime shut down the Client Service Center to prevent further access to client information and employee personal information. Paytime promptly launched an investigation and retained outside forensic experts to determine whether employee information may have been accessed by the intruders. Paytime’s forensic experts determined that for Paytime’s affected employer clients, their employees’ names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses may have been accessed by the intruders. The experts additionally determined that the names, Social Security numbers and dates of birth for some of the affected employees dependents and beneficiaries may have been accessed.On May 12, 2014, Paytime began notifying affected employer clients that their employees’ personal information was accessed by intruders. Paytime requested that each affected employer permit Paytime to notify affected employees on the employer’s behalf. Paytime began providing affected employees with written notice of this incident on May 21, 2014.Paytime takes this matter, and the security of the personal information in its care, seriously, and has taken measures to prevent this type of exposure from occurring again. These measures include an analysis of their systems and processes and implementing additional measures to secure personal information. Paytime has also taken steps to improve the existing security of their systems, including increased monitoring capabilities and use of additional software tools. In addition to providing written notice of this incident to affected individuals as described above, each affected individual is being offered access to one free year of credit monitoring and identity restoration services provided through AllClear ID. Paytime is providing each individual with information on how to protect against identity theft and fraud. Paytime is also working with federal law enforcement to identify the intruder(s). Further, Paytime is providing written notice of this incident to the Pennsylvania Department of Revenue, its own bank, various banks used by its clients, other state regulators and consumer reporting agencies where required.Response to Keefer Complaint [redacted] originally contacted a Paytime representative at some point between May and November of 2014. On November 17, 2014, he contacted Paytime and requested another copy of the notice letters sent to him and his wife. He was provided a copy of these notices at that time. He also requested reimbursement for costs incurred to order new checks for his personal checking account. The Paytime representative told [redacted] that Paytime would send along the request to its management, but that Paytime had no plans at this time to reimburse individuals for these types of costs. In February 2015, [redacted] made this request again. The Paytime representative explained to him that Paytime was offering a year of free credit monitoring but was not reimbursing individuals. In May of 2015, [redacted] called and emailed various representatives at Paytime.After receiving the BBB complaint, we reached out to [redacted] on behalf of Paytime to offer an additional year of credit monitoring through [redacted] . [redacted] declined this offer. Although Paytime is not reimbursing individuals for claimed expenses as a result of the hacking incident, as a good faith effort to find a solution, Paytime offered to resolve the issue with [redacted] in exchange for an executed release. [redacted] has agreed to this resolution. Thank you for the opportunity to provide you with additional detail regarding the complaint and resolution of the issue. Should you have any additional questions or require additional details, please do not hesitate to contact me directly. Very Truly Yours,

June 26, 2015Dear [redacted]:We represent Paytime Inc. in regards to a data security event that occurred in April 2014.Please accept this as a response to your correspondence of June 16, 2015, regarding a complaint filed with the Revdex.com by [redacted]. We are pleased to report...

that Paytime reached out to [redacted] and resolved his complaint. Please see the following for additional detail regarding this incident and its resolution.Incident Background:Paytime is a payroll services provider. On April 30, 2014, Paytime learned that unauthorized individuals had accessed usernames and passwords associated with its system, specifically, its Client Service Center. Paytime shut down the Client Service Center to prevent further access to client information and employee personal information. Paytime promptly launched an investigation and retained outside forensic experts to determine whether employee information may have been accessed by the intruders. Paytime’s forensic experts determined that for Paytime’s affected employer clients, their employees’ names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses may have been accessed by the intruders. The experts additionally determined that the names, Social Security numbers and dates of birth for some of the affected employees dependents and beneficiaries may have been accessed.On May 12, 2014, Paytime began notifying affected employer clients that their employees’ personal information was accessed by intruders. Paytime requested that each affected employer permit Paytime to notify affected employees on the employer’s behalf. Paytime began providing affected employees with written notice of this incident on May 21, 2014.Paytime takes this matter, and the security of the personal information in its care, seriously, and has taken measures to prevent this type of exposure from occurring again. These measures include an analysis of their systems and processes and implementing additional measures to secure personal information. Paytime has also taken steps to improve the existing security of their systems, including increased monitoring capabilities and use of additional software tools. In addition to providing written notice of this incident to affected individuals as described above, each affected individual is being offered access to one free year of credit monitoring and identity restoration services provided through AllClear ID. Paytime is providing each individual with information on how to protect against identity theft and fraud. Paytime is also working with federal law enforcement to identify the intruder(s). Further, Paytime is providing written notice of this incident to the Pennsylvania Department of Revenue, its own bank, various banks used by its clients, other state regulators and consumer reporting agencies where required.Response to Keefer Complaint[redacted] originally contacted a Paytime representative at some point between May and November of 2014. On November 17, 2014, he contacted Paytime and requested another copy of the notice letters sent to him and his wife. He was provided a copy of these notices at that time. He also requested reimbursement for costs incurred to order new checks for his personal checking account. The Paytime representative told [redacted] that Paytime would send along the request to its management, but that Paytime had no plans at this time to reimburse individuals for these types of costs. In February 2015, [redacted] made this request again. The Paytime representative explained to him that Paytime was offering a year of free credit monitoring but was not reimbursing individuals. In May of 2015, [redacted] called and emailed various representatives at Paytime.After receiving the Revdex.com complaint, we reached out to [redacted] on behalf of Paytime to offer an additional year of credit monitoring through [redacted]. [redacted] declined this offer. Although Paytime is not reimbursing individuals for claimed expenses as a result of the hacking incident, as a good faith effort to find a solution, Paytime offered to resolve the issue with [redacted] in exchange for an executed release. [redacted] has agreed to this resolution.Thank you for the opportunity to provide you with additional detail regarding the complaint and resolution of the issue. Should you have any additional questions or require additional details, please do not hesitate to contact me directly.Very Truly Yours,

June 26, 2015
Dear [redacted]:We represent Paytime Inc. in regards to a data security event that occurred in April 2014.Please accept this as a response to your correspondence of...

June 16, 2015, regarding a complaint filed with the Revdex.com by [redacted]. We are pleased to report that Paytime reached out to [redacted] and resolved his complaint. Please see the following for additional detail regarding this incident and its resolution.Incident Background:Paytime is a payroll services provider. On April 30, 2014, Paytime learned that unauthorized individuals had accessed usernames and passwords associated with its system, specifically, its Client Service Center. Paytime shut down the Client Service Center to prevent further access to client information and employee personal information. Paytime promptly launched an investigation and retained outside forensic experts to determine whether employee information may have been accessed by the intruders. Paytime’s forensic experts determined that for Paytime’s affected employer clients, their employees’ names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses may have been accessed by the intruders. The experts additionally determined that the names, Social Security numbers and dates of birth for some of the affected employees dependents and beneficiaries may have been accessed.On May 12, 2014, Paytime began notifying affected employer clients that their employees’ personal information was accessed by intruders. Paytime requested that each affected employer permit Paytime to notify affected employees on the employer’s behalf. Paytime began providing affected employees with written notice of this incident on May 21, 2014.Paytime takes this matter, and the security of the personal information in its care, seriously, and has taken measures to prevent this type of exposure from occurring again. These measures include an analysis of their systems and processes and implementing additional measures to secure personal information. Paytime has also taken steps to improve the existing security of their systems, including increased monitoring capabilities and use of additional software tools. In addition to providing written notice of this incident to affected individuals as described above, each affected individual is being offered access to one free year of credit monitoring and identity restoration services provided through AllClear ID. Paytime is providing each individual with information on how to protect against identity theft and fraud. Paytime is also working with federal law enforcement to identify the intruder(s). Further, Paytime is providing written notice of this incident to the Pennsylvania Department of Revenue, its own bank, various banks used by its clients, other state regulators and consumer reporting agencies where required.Response to Keefer Complaint[redacted] originally contacted a Paytime representative at some point between May and November of 2014. On November 17, 2014, he contacted Paytime and requested another copy of the notice letters sent to him and his wife. He was provided a copy of these notices at that time. He also requested reimbursement for costs incurred to order new checks for his personal checking account. The Paytime representative told [redacted] that Paytime would send along the request to its management, but that Paytime had no plans at this time to reimburse individuals for these types of costs. In February 2015, [redacted] made this request again. The Paytime representative explained to him that Paytime was offering a year of free credit monitoring but was not reimbursing individuals. In May of 2015, [redacted] called and emailed various representatives at Paytime.After receiving the Revdex.com complaint, we reached out to [redacted] on behalf of Paytime to offer an additional year of credit monitoring through [redacted] declined this offer. Although Paytime is not reimbursing individuals for claimed expenses as a result of the hacking incident, as a good faith effort to find a solution, Paytime offered to resolve the issue with [redacted] in exchange for an executed release. [redacted] has agreed to this resolution.
Thank you for the opportunity to provide you with additional detail regarding the complaint and resolution of the issue. Should you have any additional questions or require additional details, please do not hesitate to contact me directly.
Very Truly Yours,