Cyber Incident Victim: Hawaii Payroll Services LLC
Date:
Feb 2021
Location:
United States of America
Summary
A ransomware attack compromised Hawaii Payroll Services, exposing sensitive data including Social Security numbers, bank account details, and personal information of approximately 4,500 customers. The breach occurred when an unauthorized actor accessed systems through a compromised client account, escalated privileges, disabled security software, and encrypted server data. The company suspended remote client access, engaged third-party IT support, and retained forensic experts to investigate and remediate the incident. While some encrypted data was recovered, full file access remained unresolved. Notifications were sent to affected individuals, though delivery issues arose. Law enforcement investigations were initiated, but no arrests or evidence of data misuse on the dark web were reported at the time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 15-16, 2021, Hawaii Payroll Services LLC experienced a ransomware attack after an unauthorized actor compromised its systems. The intrusion began when the attacker gained access through a client's compromised account, then executed a privilege escalation attack that allowed them to disable and remove security software. This action enabled the encryption of all data on the company’s servers, rendering the information inaccessible. The breach was discovered in mid-February, prompting Hawaii Payroll Services to immediately suspend all remote client access to contain the threat. The company engaged its third-party IT operations vendor to assess the intrusion's scope and retained forensic experts to investigate the incident and recommend security improvements. Approximately 4,500 customers had their sensitive data exposed, including Social Security numbers, dates of birth, full names, and bank account information. Company owner Michelle Wells-Nagamine confirmed no evidence emerged that the stolen data appeared on the dark web or was misused, though some encrypted data remained unrecovered months later.
Hawaii Payroll Services notified affected individuals via mailed letters starting in late May 2021, though many were returned unopened due to outdated addresses. The company continued working to restore encrypted files while maintaining payroll services for its 120+ clients, including Rainforest at Kilohana Square, Diamond Bakery, Yummy’s BBQ, and Jean’s Warehouse. Wells-Nagamine filed a police report with Honolulu Police Department’s Financial Crimes Detail, which opened a first-degree unauthorized computer access investigation, and submitted a complaint to the FBI’s Honolulu field office. No arrests had been made as of September 2021, and notifications to state regulators and credit agencies were ongoing. The incident occurred amid a 40% national increase in internet crimes during 2020, with ransomware alone causing over $29.1 million in documented losses according to FBI data. Hawaii Payroll Services resumed core operations by September 2021 but acknowledged ongoing challenges in fully recovering encrypted data and verifying notification delivery to all impacted individuals.