This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

MYOB

Summary

MYOB, one of Australia's largest accounting and payroll software providers, suffered a significant privacy breach in July 2019 when a system glitch in its cloud-based payroll platform exposed workers' salary information. The incident allowed some employees to view the payslips and salary details of other workers at different companies using the MYOB system. The breach exposed highly sensitive employment and financial information across multiple Australian businesses.

What Happened

Misconfiguration. A technical glitch in MYOB's cloud-based payroll system caused payslips and salary information to be incorrectly distributed, allowing some employees to access the confidential pay details of workers at completely different organisations. The bug in the system's access controls meant that when employees logged in to view their own payslips through the MYOB platform, they could potentially see salary information, employment details, and payment histories belonging to people at other companies. MYOB initially described the issue as a "cloud system glitch" but the incident revealed serious flaws in the platform's data segregation and access control mechanisms.

Impact on Individuals

  • Salary Exposure: Confidential salary and wage information disclosed to strangers
  • Privacy Invasion: Detailed employment and payment histories visible to unauthorised parties
  • Workplace Implications: Knowledge of others' salaries could affect workplace negotiations and morale
  • Identity Information: Payslips typically contain names, addresses, tax file numbers, and bank details
  • Professional Embarrassment: Personal financial information shared beyond intended recipients
  • Trust Breach: Employees' trust in payroll systems and employers compromised

The exposure of salary information was particularly sensitive as it could affect workplace relationships and career negotiations if the information was retained and shared.

Response

MYOB immediately took action to fix the system glitch and prevent further unauthorised access to payslip data. The company notified affected customers—businesses using the MYOB payroll platform—and advised them to inform their employees about the breach. MYOB engaged technical teams to conduct a comprehensive review of the cloud system's access controls and data segregation mechanisms. The company implemented enhanced testing and monitoring procedures to prevent similar glitches from occurring in the future. MYOB reported the incident to the Office of the Australian Information Commissioner. Affected businesses were left to manage the fallout with their employees, with some workers understandably concerned about how their confidential salary information had been exposed and who might have seen it. +++

Verification Source: View original statement