Yet more phishing-based compromises involving W-2 tax statement data (Update-24)
(Note: the following is not a complete list… it’s just a list I started after the first few posts on this topic suggested that there would be a lot more. See the “phishing” category of this site for earlier entries this year.)
Reports continue to come in to state attorneys general involving the successful spear phishing of employees’ W-2 information. Here are just three more reports I saw today, with links to their reports.
Update of Mar. 16: Add to the above the following firms whose employee W-2 data was also successfully phished recently:
- Mitchell International.
- PerkinElmer (also reported to NH)
- Advance Auto Parts
- Sequoia Union High School District
And these are just some of all the successful phishing attacks in the past month noted on this site. Search the “phishing” category for more.
Maybe you should just bookmark this page for a while….
Update 2: Add eClinical Works.
Update 3 (Mar. 19): Add Springfield City Utilities, Missouri.
Update 4 (Mar. 21): Add ConvaTec
Update 7 (Mar. 24) Brian Krebs identifies some additional firms in this post. Also, a reader emailed me that he received a letter yesterday dated March 19 from his former employer. Certain US employees’ 2015 W2 forms were exposed on March 1, 2016, and the breach was discovered on March 9. The breached entity, he says, was Kantar Group (the parent company to TNS, The Futures Co., Millward Brown, and AddedValue). Later today, we learned that Lamps Plus/Pacific Coast Lighting also had employee W-2 data compromised by phishing.
Update 10 (Mar. 30) Add Champlain Oil.
Update 11 (Apr. 3) Add Weight Watchers, Intl.
Update 12 (Apr. 4) Add City of Plainfield, NJ (reported on CBS News this morning). Also, Bowdoin College was was impacted by the Maine school district incident, mentioned previously, at Brunswick School District.
Update 15 (Apr. 11) Add Bristol Farms and Wynden Stark, dba GQR Global Markets/City Internships.
Update 16 (Apr. 12) Add Asure Software and Dixie Group and MNP and Management Health Systems d/b/a MedPro Heathcare Staffing and Silicon Laboratories.
Update 18 (Apr. 14) Add Girl Scouts of Gulf Coast Florida.
Update 21 (Apr. 18) Add EMSI.
Update 22 (Apr. 19) Add Landstar System
Update 23 (Apr. 20) Add Convey Health Solutions and Clinton Health Access Initiative. And InvenSense. And MNP on behalf of its affiliate, General Fasteners Company. And Trinity Heating & Air, DBA Trinity Solar. And TMEIC.
Update 24 (April 22): Add DealerSocket Inc.