Why We’ve Enforced 2FA: Protecting Your Payroll Data from Cybercriminals

In response to a recent attempt by cybercriminals to access user accounts using stolen passwords obtained from external websites, SimplePay recently enforced two-factor authentication (2FA) for all users. We understand that this added step can be inconvenient, and some customers have expressed their frustration. We hear you. The reason is simple: your payroll data is highly sensitive, and cybercriminals may be actively trying to steal it.

We can assure you that SimplePay’s security has not been breached. Our database remains secure and completely isolated, and all passwords are stored and irreversibly encrypted. The affected passwords were compromised elsewhere, not within SimplePay.

What we’ve done:

• Enforced 2FA for all accounts to block unauthorised access, even if a password is known to an attacker.
• Increased monitoring for unusual activity and added safeguards around bank detail changes.
• Proactively notified affected users and shared clear steps to stay secure.

What you can do now:

• Use a strong, unique password for SimplePay that you don’t use anywhere else.
• Keep 2FA enabled. It’s the single most effective way to stop account takeovers.
• Be alert to unexpected requests to change sensitive details. If something looks off, pause and verify.

You can find more information about this incident here. We will notify you if any further action is required from your side.

If you need help setting up setting up 2FA or updating passwords, our Support Team is ready to assist at [email protected].

Not a SimplePay member yet, but looking to try innovative and straightforward payroll software? We recommend signing up for a free, 30-day trial today! Our getting started guide can help you get up and running in no time.

Stay safe,

Team SimplePay