Story : https://krebsonsecurity.com/2017/03/govt-cybersecurity-contractor-hit-in-w-2-phi
Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks.
On Thursday, March 16, the CEO of Defense Point Security, LLC - a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” - told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.
Alexandria, Va.-based Defense Point Security (recently acquired by management consulting giant Accenture) informed current and former employees this week via email that all of the data from their annual W-2 tax forms - including name, Social Security Number, address, compensation, tax withholding amounts - were snared by a targeted spear phishing email.
“I want to alert you that a Defense Point Security (DPS) team member was the victim of a targeted spear phishing email that resulted in the external release of IRS W-2 Forms for individuals who DPS employed in 2016,” Defense Point CEO George McKenzie wrote in the email alert to employees. “Unfortunately, your W-2 was among those released outside of DPS.”