It used to be that in February and March, we’d see a number of reports of breaches involving employees’ W-2 tax statements that were due to printing or mailing errors. This year, we’re seeing reports of W-2 data theft via phishing.
Because a W-2 form provides the employee’s name, Social Security number, address, and earnings information for the year with how much had been deducted for taxes, etc. – as well as the employer’s name and address – it provides everything criminals need to engage in tax refund fraud.
Just in the past week alone, I’ve reported on incidents involving AmeriPride, Actifio, Evening Post Industries, Main Line Health, one at Mansueto Ventures impacting employees of Inc., and Fast Company, City of Hope, and one at GCI impacting all employees of GCI, Denali Media, UUI and Unicom.
Now add Seagate to the list. Brian Krebs reported the breach yesterday. The company has not revealed how many employees have been impacted.
And those are just the ones found in my online searching this past week. There are likely more that are being discovered or first reported that we’ll learn about in time.
That’s a lot of potential new tax refund fraud victims.