Update: This incident actually was a phishing incident, and The Telegraph‘s story now reflects that, so I’m adding this one to the 2017 victims list. Originally, their story sounded like a straight-up hack. Their story now reads:
The Alton steel company’s data system was victim to a “phishing expedition,” according to Alton Steel CEO Jim Hrusovsky, which compromised personal information of its employees. The breach occurred Feb. 2, and Hrusovsky said the company became aware of the breach Monday. The following day, the company began informing the majority of its approximately 300 employees of the breach.
Thanks to Steve Ragan of Salted Hash for catching that. Steve’s also compiling info on tax fraud incidents this year from phishing incidents and other incidents. You can read his most recent W-2 phishing story here.
This sounds like hackers immediately used hacked information to file tax returns to obtain fraudulent refunds. Within a matter of days, “numerous” employees reported that they had become victims. Nathan Grimm reports:
A security breach at Alton Steel, Inc. has left its employees open to identity theft, and more than one employee has already this year had fraudulent tax returns filed in their name, multiple sources told The Telegraph on Wednesday.
According to two different employees, who spoke on the condition of anonymity, hackers breached the Alton steel company’s system on Feb. 2, and the company became aware of the breach Feb. 5, ASI leaders told employees this week. It wasn’t until two days later, on Feb. 7, that the company began informing the majority of its approximately 300 employees of the breach.
Read more on The Telegraph.