MYOB in payslip privacy bungle

Imagine what would happen if you went to open your emailed group certificate and found out it was your boss' or a colleague's instead.

That's the rather awkward situation some customers of MYOB could be facing after its automated payroll program accidentally emailed 220 individual payment summaries to the wrong people.

The automated payroll function, which is part of MYOB’s cloud-based AccountRight Live product, suffered a “glitch” that forced the vendor to shut down access during the extremely-busy end of financial year period.

“On 28 June we discovered a small number of people received incorrect payment summaries sent between 1 June and midday 28 June 2019,” the company said in a statement. 

“Our investigation has since revealed 220 individual payment summaries went to the incorrect person. 

“We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors.”

MYOB said that “a small handful were detected and stopped, while all other payment summary emails have since been released in batches with the final emails to be sent by close of business today.”

The company said it took its responsibility for “protecting data privacy incredibly seriously and understand this will have had an impact on the individuals affected.”

It said it had called the impacted customers and was “working with them to safely and correctly dispose of the misdirected payment summary emails”.

It had also called “impacted employees whose payment summaries were sent to another person” and was providing them assistance.

The company said it had called in the ATO and the Office of the Australian Information Commissioner over the breach. 

“We are sincerely sorry for the situation, as well as the frustrations experienced by all our AccountRight Live customers caused by the delay in sending the payment summary emails,” MYOB said.