Date of Incident Occurrence

July of 2023

Incident Type

System outage due to potential security risk

Event Severity

High

Event Narrative

On Saturday, July 22nd, Timeco experienced a security incident that affected their TLM software. The company says it disabled access to certain systems to protect customer information, and that it immediately commenced an internal investigation with assistance from cybersecurity experts. They have notified law enforcement, who are actively supporting the investigation.

PEO Defender spoke with a Timeco company representative who said that the investigation, while still ongoing, has found no evidence of unauthorized access, misuse or theft of data contained on the Timeco servers.

Timeco also says that their company backups were not affected by this incident.

It is the determination of PEO Defender that Timeco has given an “all clear” and systems are functioning normally.

If you are utilizing Timeco systems, we recommend making sure that you are receiving the company’s correspondence, in case any remaining investigation uncovers something that would alter this “all clear” status and the company is required to notify its customers.

Below is a statement from the company about the incident.

TIMECO SECURITY INCIDENCE RESPONSE

Cybersecurity issues are a reality for virtually all businesses and that’s why we take them so seriously.

Timeco’s platform is actively monitored 24/7/365 to protect against data breaches and cyberattacks. Access to your TLM technology requires a secure connection.

And all data is encrypted before being sent to or stored in the cloud to prevent it from being captured while in transit or at rest.

Timeco maintains and regularly tests business continuity, incident response, and disaster recovery plans. This process is designed to detect, resolve, and guide recovery from a security breach, and identify opportunities for improvement.

Timeco is committed to continuous improvements and implementing learnings that increase our security posture beyond our existing high standard. That includes adding new state-of-the-art security tools and procedures.

Incident

What happened?

On Saturday, July 22, Timeco experienced a security incident that affected their TLM software.

Upon discovery, they immediately disabled access to certain systems within the network to help protect customer information and commenced an internal investigation with assistance from cybersecurity experts. They have also notified law enforcement and are actively supporting that investigation.

Timeco worked around the clock to quickly and securely bring their systems back online, and all of their customers are now up and running with full functionality. The investigation has concluded and determined there was no evidence of unauthorized access, misuse, or theft of data contained on the Timeco servers.

When did you first learn of this incident?

Timeco first became aware of the incident on July 22.

Since they first became aware of this, they commenced an internal investigation with the assistance of cybersecurity experts and have been methodically working to determine the scope of the incident and worked to quickly and securely restore our systems to operation.

Has law enforcement been notified?

Yes, Timeco has notified law enforcement of this incident.

Was any data taken from the system?

Timeco’s cyber forensics firm did an investigation to see if they could find any evidence that data was compromised.

The investigation is ongoing and preliminary findings determined there was no evidence of unauthorized access, misuse, or theft of data contained on the Timeco servers. 

Does Timeco have data backups to help remediate situations like this?

Yes. Timeco did back up customer data. Timeco’s backups were not impacted as part of this incident.

Why didn’t your security measures prevent this from happening? What are you doing to prevent it from happening again?

Timeco implemented robust information security practices.

Timeco’s systems are monitored 24/7, and upon learning of the incident, they immediately took steps to isolate and protect affected systems and took steps to prevent additional systems from being affected.

Timeco is committed to continuous improvements, and we will implement what they have learned to increase their security posture beyond their existing high standard. To safeguard the data of service providers and the businesses they support, Timeco is committed to continuously enhancing their security practices and protocols. That includes:

  • State-of-the-art security tools and procedures even beyond their current high standard

  • Application security and infrastructure used in highly regulated industries

  • Working with cybersecurity experts to monitor the latest threats and risks when it comes to cyber security.

  • Timeco switched from a well-regarded endpoint monitoring service to one with even more advanced capabilities.

Last week, PrismHR sent out recommendations for its providers utilizing Timeco. We are including the recommendations in this alert. If you have not followed their recommendations, you may want to do so moving forward.

Immediate Actions for Prism Service Providers:

  1. Password Change for Safety: Although the PrismHR network remains uncompromised, we urge you to change your Timeco Web Service User’s password as a precautionary measure. Only share the updated credentials with Timeco after they issue an official ‘all clear’ announcement.

    Need guidance? Please see this link for step-by-step instructions on resetting a Web User password. https://scribehow.com/shared/How_to_Change_an_API_Web_Service_Users_Password__9VF-qAlWR42E6v9ENzZmow

  2. Limit Access: Ensure that you grant Timeco only the essential access methods. Implement IP address restrictions to allow user access exclusively from Timeco’s network.