Q2 2025 Security News for TPAs & HR Teams
At Payroll Integrations our team monitors news headlines, breach disclosures and court filings for the latest threat intelligence. We’ve been tracking Q2’s most significant security events and wanted to share them with our network of TPAs and HR pros.
Below, you’ll find more info on eight security incidents from April 1–June 30. Use the quick-hits below to brief execs, stress-test your own controls and sharpen security questions for every vendor on your roster.
Read More: Check our latest primer on SOC 2 Type II Security for Payroll.
Top Security Headlines for Q2 2025
|
Date |
Security Headline |
Why It Matters for TPAs & HR |
|---|---|---|
|
Apr 14 |
Management Association (MRA) can’t dodge class-action over 3,400-record breach — a federal judge let negligence claims proceed after workers alleged their PII/PHI hit the dark web. Read More |
Even non-profit employer groups face enterprise-grade litigation risk. If you warehouse client data, be ready to evidence FTC-style safeguards. |
|
Apr 24 |
Sam’s Club/Cleo file-transfer flaw sparks (now-dropped) lawsuit — vulnerability in Cleo Communications software exposed employee data; patch initially failed. |
File-transfer tools still sit in many payroll workflows; confirm your vendors have retired, or at least isolated, Cleo-style MFT services. |
|
Apr 29 |
Complete Payroll Solutions breach prompts class-action probe: notice letters sent after SSNs, DL numbers and benefit data leaked. Read More |
Shows regulators’ new expectation: rolling notification rounds as an investigation unfolds, not one-and-done emails months later. |
|
May 16 |
Ransomware at ADP partner BSH leaks Broadcom employee files : salary details and national IDs surfaced online; ADP stresses its core systems weren’t hit. |
Up-chain incidents now trigger SEC 8-K scrutiny for public companies; insist on sub-processor inventories and breach contract language. |
|
May 27 |
SEO-poisoned fake payroll portals divert paychecks: attackers buy ad space, mimic ESS log-ins, and reroute direct deposits within minutes. Read More |
Train employees to type URLs, not click search ads; enable out-of-band confirmation for bank-account changes. |
|
Jun 13 |
Interlock gang steals 900 GB from Kettering Health — payroll and HR folders included: hospital now restored EHR but breach probe continues. |
Healthcare ransomware shows how quickly payroll, credentialing and patient data blend; segment HR shares from clinical networks. |
|
Jun 26 |
Paylocity warns: bogus search-engine links spoof company portal: FBI alert says scheme bypasses MFA and reroutes wages. Read More |
Spotlights growing “malvertising” threat aimed straight at payroll credentials; consider DNS filtering to block look-alike domains. |
|
Jun 27 |
EmCentrix HR & payroll platform breach exposes ~59 k records across three states — company offering identity protection, details still emerging. |
Smaller SaaS integrators sit inside many benefits stacks; require SOC 2 Type II (or equivalent) evidence, not just NDA assurances. |
Three Fast Moves to Take This Week
1. Enforce Multi-Factor Authentication (MFA) Everywhere
- Turn on MFA for every system that touches payroll, this includes your HRIS, benefits portals and even shared file storage.
- If you’re relying on SMS-only MFA, swap to an authenticator app or hardware key to block SIM-swap attacks
2. Lock Down Access with Least-Privilege Controls
- Audit every user who has payroll-related permissions and remove any accounts that don’t need them such as former employees and project-only contractors.
- Ensure that no one has more rights than they absolutely must. If someone only needs to view reports, don’t give them edit or export privileges.
3. Run a quick phishing awareness nudge.
- Send a one-slide tip sheet on how to spot fake Payroll update or Benefits form emails. Even a light refresher can cut the chance someone accidentally hands over credentials. Need a template? Download ours here.
|
Ready to Strengthen Your Payroll Security? Stay secure, stay compliant and stay ahead. Let’s make payroll security a priority, together! Get in touch today to learn how Payroll Integrations can help. |
