Why We’ve Added Email OTPs: Protecting Your Payroll Data from Cybercriminals

Author: Julian Taylor

    1 minute read    

In response to a recent attempt by cybercriminals to access user accounts using stolen passwords obtained from external websites, SimplePay recently added email OTPs at login for users that do not yet have two-factor authentication (2FA) enabled. We understand that this added step can be inconvenient, and some customers have expressed their frustration. We hear you. The reason is simple: your payroll data is highly sensitive, and cybercriminals may be actively trying to steal it.

SimplePay’s security has not been breached. Our database remains secure and completely isolated, and all passwords are irreversibly encrypted. The affected passwords were compromised elsewhere, not within SimplePay. The affected users used the same password on SimplePay as on the other service that was compromised, and it appears that this service was not following correct security practices by storing passwords that were unencrypted.

What We’ve Done

  • Added email OTPs for all accounts to block unauthorised access, even if a password is known to an attacker.
  • Increased monitoring for unusual activity around bank detail changes.
  • Proactively notified affected users and shared clear steps to stay secure.

What You Can Do Now

  • Use a strong, unique password for SimplePay that you don’t use anywhere else, or preferably a password manager.
  • Switch to 2FA instead of email OTPs. 2FA is the single most effective way to stop account takeovers.
  • Be alert to unexpected self-service requests to change sensitive details. If something looks off, pause and verify.

You can find more information about this incident here. We will notify you if any further action is required from your side.

If you need help setting up setting up 2FA or updating passwords, our Support Team is ready to assist at support@simplepay.cloud.

Not a SimplePay member yet, but looking to try payroll software that keeps your data secure? We recommend signing up for a free, 30-day trial today! Our getting started guide can help you get up and running in no time.

Stay safe,

Team SimplePay

You May Also Enjoy

Revamped Support Page

    less than 1 minute read    

We’ve redesigned our Support page to make getting help even easier. Read more about the changes in our blog.

Budget 2026

    2 minute read    

Budget 2026 introduces updates to USC rate bands, the minimum wage, and Benefits-in-Kind. Read more in our blog.

Design Updates to Keep Things Simple

    1 minute read    

We’ve started implementing design updates to make the system even easier to use, with more changes to come. Read more in our blog.

Case Study with CFO360

    4 minute read    

We spoke with Montaque Swanepoel about his experience using SimplePay. Read more in our blog.