Date of Incident Occurrence

July of 2023

Incident Type

System outage due to potential security risk

Event Severity

High

Event Narrative

On July 24th, PEO Defender reported that Timeco, a widely used employee time tracking software, was experiencing a service outage due to what the company has said is “a potential security risk within our network architecture.”

Below is an update from Timeco customer support as of the morning of July 25th.

Please be aware that as of Saturday, July 22nd, our team identified a potential security risk within our network infrastructure. As a precautionary measure we have taken the decision to initiate a network shutdown, and access to the site is unavailable at this time.

Our teams are diligently working around the clock to restore services to their full functionality. However, please be advised that the restoration process may take another 24 hours as of the morning of July 25th.

If you need your data immediately for payroll processing, please email support@timeco.com along with your company name and the dates needed, and we can pull this data for you.

We are very sorry for this inconvenience and we are doing all we can to get everything back and running as quickly as possible. Thank you for your support.

Potential Remediation Action Items

PrismHR, for which Timeco is a Prism Marketplace Partner, advises the following steps for service providers who use Timeco.

As Timeco is currently offline, the flow of information between PrismHR and Timeco is temporarily halted. Rest assured, the Prism Event system will securely store all events and relay them to Timeco once normal service resumes.

Immediate Actions for Prism Service Providers:

  1. Password Change for Safety: Although the PrismHR network remains uncompromised, we urge you to change your Timeco Web Service User’s password as a precautionary measure. Only share the updated credentials with Timeco after they issue an official ‘all clear’ announcement. Need guidance? Please see this link for step-by-step instructions on resetting a Web User password. https://scribehow.com/shared/How_to_Change_an_API_Web_Service_Users_Password__9VF-qAlWR42E6v9ENzZmow
  2. Limit Access: Ensure that you grant Timeco only the essential access methods. Implement IP address restrictions to allow user access exclusively from Timeco’s network.