Network World reports that although the company insists that they did the right thing and immediately notified their clients (along with shutting down and site and putting additional security measures in place before returning it online), they say they were preparing to issue a public statement only to be beaten to the punch by a Washington Post columnist.
PayChoice said that the first sign that something was wrong came in the guise of phishing emails, containing user names and partial passwords. The recipients of the emails were asked to download a browser plug-in that would allow them to continued use of their accounts.
It appears that the good news in all of this is that only customers accessing their accounts via Internet were affected. Even so, PayChoice recommends their clients to notify employees and advise them to review their financial statements for potential suspicious transactions.