false 0001590955 0001590955 2023-07-20 2023-07-20

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

 

FORM 8-K

 

 

CURRENT REPORT

Pursuant to Section 13 or 15(d)

of the Securities Exchange Act of 1934

Date of Report (Date of Earliest Event Reported): July 20, 2023

 

 

Paycom Software, Inc.

(Exact name of registrant as specified in its charter)

 

 

 

Delaware   001-36393   80-0957485

(State or other jurisdiction

of incorporation)

 

(Commission

File Number)

 

(IRS Employer

Identification No.)

 

7501 W. Memorial Road, Oklahoma City, Oklahoma   73142
(Address of principal executive offices)   (Zip Code)

Registrant’s telephone number, including area code: (405) 722-6900

Not Applicable

(Former name or former address, if changed since last report)

 

 

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

 

Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

 

Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)

 

Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))

 

Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

 

Title of each class

 

Trading

Symbol(s)

 

Name of each exchange

on which registered

Common Stock, $0.01 par value   PAYC   New York Stock Exchange

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§ 230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§ 240.12b-2 of this chapter).

Emerging growth company  

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.  ☐

 

 

 


Item 8.01

Other Events

On May 31, 2023, Progress Software Corporation (the “Vendor”), a vendor to a subsidiary of Paycom Software, Inc. (the “Company”), disclosed a previously unknown vulnerability in the Vendor’s MOVEit file transfer software (“MOVEit”) that could enable malicious actors to gain unauthorized access to sensitive files and information. MOVEit is used by thousands of organizations for secure data file transfers and is now the subject of a widely reported cybersecurity event impacting numerous organizations and governmental agencies around the world (the “Vendor Incident”). The Company used MOVEit for a limited set of secure file transfers supporting client services and with certain outside vendors supporting internal operations.

The Company promptly deployed cybersecurity defenses, including patching the software according to the Vendor’s published protocols and launching an internal investigation in partnership with outside independent cybersecurity forensic experts. Currently there is no indication that the Company’s HR and payroll software application was impacted. There has been no interruption to the Company’s systems, services or business operations.

As of the date of filing this Current Report on Form 8-K, the Company confirms that, as a result of the MOVEit vulnerability, an unauthorized third party downloaded copies of files from the MOVEit server, gaining access to data of certain Company clients and their employees, including personally identifiable information of less than 0.4% of all persons on behalf of whom the Company stored client data during the year ended December 31, 2022. Compromised data included personally identifiable information in employee records of approximately 127 former and current clients, or approximately 0.7% of the Company’s client base (based on parent company grouping) as of December 31, 2022. The unauthorized third party also gained access to a limited number of Company files stored on the MOVEit server, including certain employee records containing personally identifiable information. The Company has engaged a third-party computer forensics team to verify the scope of the Vendor Incident and is in the process of contacting affected clients directly.

The Company is continuing to evaluate the impact of the Vendor Incident, including certain remediation expenses and other potential liabilities. The Company does not currently believe the Vendor Incident will have a material adverse effect on its business, operations or financial results.

Forward-Looking Statements

Certain statements in this Current Report on Form 8-K are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are any statements that refer to the Company’s estimated or anticipated results, other non-historical facts or future events and include, but are not limited to, statements regarding the actual or potential impact of the MOVEit vulnerability and the Vendor Incident on the Company’s business, operations or financial results. These forward-looking statements speak only as of the date hereof and are subject to business and economic risks. As such, our actual results could differ materially from those set forth in the forward-looking statements as a result of the factors discussed in our filings with the Securities and Exchange Commission, including but not limited to those discussed in our most recent Annual Report on Form 10-K and Quarterly Report on Form 10-Q. We do not undertake any obligation to update or revise the forward-looking statements to reflect events or circumstances that exist after the date on which such statements were made, except to the extent required by law.


SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

 

      PAYCOM SOFTWARE, INC.
Date: July 20, 2023     By:  

/s/ Craig E. Boelte

    Name:   Craig E. Boelte
    Title:   Chief Financial Officer