Federal contractor with cybersecurity ties notifies employees after W-2 info acquired by targeted phishing
I’ve continued to add entities to my list of firms or entities where employee W-2 information was successfully phished by emails purporting to be from an entity’s executive. One notification I read this morning made me cringe because the firm that was successfully phished has contracts with the government involving mission critical systems for U.S. and coalition forces.
Through their lawyers, Gryphon Technologies, an engineering firm based in D.C., recently reported that their employee(s) fell for two such phishing attempts between February 29 and March 7. One email appeared to be from their CEO, while the other email appeared to be from their CFO. Both requested all employees’ 2015 W-2 information. It is not clear from the firm’s notification whether it was one employee who fell for both phishing emails or if it was two different employees.
Gryphon Technologies discovered the problem on March 7 and sent preliminary notification to its employees on March 11, with another letter sent to them on March 21. The firm has offered employees two years of credit monitoring services and indicates that as part of their response, they are implementing additional safeguards and retraining employees.
The total number of current and former employees affected was not disclosed in the notification to the New Hampshire Attorney General’s Office, but some online resources indicate the firm has between 500 – 1000 employees.
Retraining all employees about the increasing risk of targeted phishing is important for all firms and entities these days, but perhaps especially so if you have any involvement in national security. Gryphon Technologies describes itself as “a premier engineering services firm with expertise in Systems Integration, C4ISR, T&E and Integrated Logistics with a focus on Cyber Security for Control Systems for all Navy platforms and systems.” They add:
Gryphon Technologies is the federal government’s partner working in support of mission critical systems. We are proud of our ability to help shape tomorrow, while ensuring today’s U.S. and coalition forces can carry out their critical missions and tasks.
Would this be the appropriate place to point out that humans remain the weakest link?