When Carl Stecker started getting phone calls from people who had received W-2s from one of his companies, he was both confused and suspicious. The company, a limited liability entity, was set up as a transactional business and did not have any paid staff.
“It’s tied to a checking account that lends money through our asset-based lending division,” says Stecker, founder of Greenville, SC-based Benefits in a Card. “I was like, ‘What the heck?’”
Stecker and his accountants reported the scam and learned the hackers had sent 47 fake W-2s to the Internal Revenue Service as part of AI-generated tax returns that guaranteed electronic refunds. The IRS managed to stop payments on 21 of the 47 returns; the rest were paid.
“It was an elaborate scam and a wake-up call,” Stecker says of the experience. “It made us hyper vigilant about cybersecurity and forced us to look at everything we do.”
Stecker has used his company’s experience to develop tighter controls for his clients—temporary employees and the staffing firms that hire them—at a time when data breaches due to cyberattacks have reached an all-time high in the U.S. Each breach is costly—with losses jumping to an average of $10.2 million in the U.S. over the past year, according to an annual study released in late July by IBM and the Ponemon Institute.
The losses are not just financial; the cost to your reputation can also make it more difficult to retain and get new clients, Stecker notes. “Over the past two years, we’ve seen a tidal wave of cyberattacks across the staffing, payroll, and health care industries,” Stecker says. “And every staffing firm is a target.”
Cyberattacks are hitting the staffing industry harder than ever, with AI-driven scams and outdated payroll practices putting sensitive data—and entire businesses—at risk. From fake W-2 schemes to multimillion-dollar breaches, every staffing firm has become a target. But secure technology like APIs can help firms protect their most critical asset: payroll data.
A Safer Way to Share Data
Given the high volume and compliance issues that temporary staffing firms deal with, having the right technology in place “is going to be the only way to continue to be relevant in the industry,” says Scott Poeschl, senior vice president of Avionté+, a certified partner program that offers prebuilt software integrations to bolster data security.
“The technology has to be connected and, in that connectivity, secure,” Poeschl says. “When you’re shopping for your technology, security should be one of your top questions. Number one: Is it the software I want? Number two: Is it secure?”
Staffing companies are particularly vulnerable to cyberattacks because they house sensitive payroll data—including Social Security and driver’s license numbers—and may have poor or outdated security around it, Stecker says. Many companies still perform payroll transfers using flat files—CSV and Excel documents—via email or FTP sites.
“The health care industry is mainly a downloadupload, meaning you download a file from one system and upload to another,” Poeschl says. “That presents a data security problem, and it creates friction for the user because they’re having to switch from one application to the other and often are forced to deal with file errors.”
Stecker, who has worked with Avionté+ to develop a secure application programming interface (API) called BenefitSync, estimates that twice weekly email or FTP transfers “double your exposure to breaches compared to a secure API…It’s a hacker’s playground,” he says.
APIs, which are programs that communicate with each other and share data, use “keys”—unique identifier codes that identify, authenticate, and allow the user to access the software. BenefitSync uses open API—an interface that is made publicly available to third-party developers to integrate into their own applications and services.
“Customers are just getting familiar with what API is, and there’s confusion around what the term ‘open API’ means,” Poeschl says. “People think ‘open AI’ means anyone can come in and disturb the exchange of data, but the opposite is true. With open API, you have to be authenticated and approved to access data. You have to have the right credentials, and you have a key to access that data. It’s actually much more secure.”
The BenefitSync app, Poeschl says, allows data to be exchanged “in a secure, scalable way” without the customer having to move information between two systems. “You don’t have to key in the same data in two different spots,” he says. “You don’t have a delay between a file download and a file upload. Things are changed in one system, in near real time, and that same data is updated in the second system, creating perfect data integrity. There’s no mismatch of dates or numbers. Everything matches.”
From Breaches to Business Risk
One reason for the heightened urgency around data breaches, Stecker says, is a number of highprofile cases that have affected the temporary staffing industry. In mid-August, a cyberattack against ManpowerGroup’s Lansing, MI-based franchise was disclosed; the breach, which took place earlier in 2025, affected 144,000 individuals. In 2024, another breach exposed the records of 50,000 temporary employees, costing a staffing firm $5 million in damages. The largest breach affected Change Healthcare in 2024, with 190 million records exposed at a cost of $3.1 billion.
Adding fuel to the fire is hackers’ rapid embrace of artificial intelligence. From 2024 to 2025 alone, the IBM-Ponemon study noted, 16% of all data breaches nationwide involved AI being used in phishing and deepfake attacks. Stecker notes that the number of AI-related breaches will only continue to grow.
“AI has supercharged cyber fraud, driving breaches through the roof, and the number of cases is expected to only increase dramatically in the next six months,” Stecker says. “We’re not talking about years—we’re talking about weeks and months here.”
Poeschl says artificial intelligence presents another potential problem as well. If a staffing firm does not have the right technology in place, employees are starting to use “shadow AI”—unauthorized open-source or commercial tools that may not have robust security—as they look to boost productivity.
Securing Staffing’s Most Critical Asset
“If staffing firms have looked at larger technologies—like Microsoft and Salesforce—and their ecosystems that offer verified integrations that you can plug and play, the Avionté+ program runs similarly,” Poeschl says. “To be in the Avionté+ Certified Integration Program, technologies agree to abide by the rules and the security guardrails that we’ve put there for them to run on.”
Those guardrails, Stecker says, are the reason Benefits in a Card joined Avionté’s Certified Integration Program and worked with the company to develop BenefitSync. He notes that subscribers can be on board in a matter of weeks instead of months, and the app will be updated regularly.
“Everybody wants to use a platform that’s already available, but you don’t have any control over it. We don’t want to entrust someone else with our clients’ security,” Stecker says. “By developing this ourselves, we’ve got something that we’ve been able to pressure test and security test. It allows us to constantly push out updates and patches as needed.”
Ultimately, Stecker says, it’s about staffing firms protecting themselves. “If I’m a manufacturing company and I have a data breach, I can walk into my warehouse and I still have my inventory,” he says. “I might have upset some people, but I can pull things together and I’ve still got my product. If I’m a staffing company and the breach comes when I’m sending my payroll, that is my inventory. That is my business. You are sending your entire business—what controls your entire revenue stream. You can’t risk that.”
Glenn Cook is a professional writer who has covered a wide range of business and education topics. He also is a prolific photojournalist, having created award-winning article and photography packages for national publications.
