On March 22 an employee at software company Pivotal Labs received an email purporting to be from CEO Rob Mee, asking for personal information about employees. Assuming the email was legitimate, the worker sent W-2 information — including the names, addresses, 2015 income details, Social Security numbers and Individual Tax Identification Numbers of an undisclosed number of employees — to what turned out to be a group of cybercriminals.
The company reported the breach to authorities, opened an investigation and is offering employees identity protection services, according to a notice it shared with employees. The incident was first reported by SC Magazine. (Pivotal Labs did not immediately return a request for comment.)
The incident highlights a growing scam involving phishing attacks, where criminals use stolen W-2 information to impersonate taxpayers and steal their returns.
"These scams are active right now, especially at tax season," said Rodney Joffe, senior vice president at Neustar. "And while there have been some mentioned in the press, there are thousands of companies, small and large, being targeted each and every day."