Meanwhile, back at the phishing for W-2 department…

After 24 days of updating my scratch list of incidents involving phishing for W-2 information (business email compromise), I decided to take stock and try to organize what we have so far. I was surprised to see that there were already 90 incidents (make that 126 as of May 18th). Most of these entries were found via media reports and reports to state attorneys general. Some were found via KrebsOnSecurity. In a few cases, it’s not totally clear whether an incident was a phishing attack or some other type of breach that compromised employee information.

Updated Mar 3, 2017:  Because some additional reports from 2016 have become available, I have decided to update this post so that we have a better comparison for the 2017 list. This will likely not be the final update for this list, as the state has yet to finish uploading all its 2016 data.

If you have any additions, deletions, or corrections to suggest, please email me at breaches [at] databreaches.net.

1. A& A Ready Mixed Concrete
2. Academy of Art Institute
3. Acronis
4. Actifio Inc.
5. Advance Auto Parts
6. Agenus 
7. Alpha Payroll Services 
8. American Type Culture Collection
9. AmeriPride Services Inc.
10. Anthelio Healthcare Solutions Inc.
11. Applied Systems Inc.
12. ARC International
13. Areas 
14. ARIAD Pharmaceuticals
15. Ash Brokerage Corp (423)
16. Aspect
17. ASPIRAnet
18. Asure Software
19. Astreya Partners, Inc.
20. Avendra
21. Avention
22. Avinger, Inc.
23. AxoGen, Inc.
24. BackOffice Associates
25. Behavioral Science Technology
26. Ben Bridge Jeweler, Inc.
27. Billy Casper Golf
28. BloomReach 
29. Boltech Mannings
30. BrightView
31. Bristol Farms
32. Brunswick Corporation ( Brunswick Boat Group, Boston Whaler, Cybex International, Leiserv Inc, Sea Ray Boats, Inc) 
33. Brunswick School District
34. Care.com (and its subsidiaries)
35. CareCentrix
36. Central Concrete Supply Co. (Right Away Redy Mix, Rock Transport, Inc.)
37. Century Fence
38. Champlain Oil
39. City of Hope
40. City of Plainfield, NJ
41. Clay County Medical Center (?)
42. Client Network Services 
43. Clinton Health Access Initiative
44. Concord School District (NH)
45. ConvaTec Inc.
46. Convey Health Solutions
47. Conway Group
48. Crane Co.
49. Dare Enterprises (via Blue Belt Technologies)
50. DataXu Inc.
51. DealerSocket Inc.
52. Dennis Group
53. Digilant
54. Dixie Group
55. Dynamic Aviation
56. eClinicalWorks
57. EMSI
58. Endologix Inc.
59. EPTAM Plastics
60. Equian, LLC  (not discovered until March, 2017)
61. Essex, VT
62. Evening Post Industries
63. EWTN Global Catholic Network
64. Fast Company
65. Foss Manufacturing Company
66. Gamesa Wind US
67. General Communication, Inc. (GCI, Denali Media, UUI and Unicom)
68. Girl Scouts of Connecticut (372) 
69. Girl Scouts of Gulf Coast Florida
70. GoldKey|PHR 
71. Gryphon Technologies 
72. HAECO 
73. Highway Toll Administration
74. Hudson City School District
75. Hutchison Community College
76. I.M. Systems Group
77. IASIS
78. Information Innovators Inc.
79. Information Resources
80. InvenSense
81. InVentive Health, Inc.
82. ISCO Industries
83. J. Polep Distribution Services
84. Kalamazoo College  (1,600)
85. Kantar Group (4,266)
86. Kentucky State University (1,071)
87. Kids Dental Kare
88. Krispy Kreme
89. Lamps Plus and Pacific Coast Lighting
90. Land Title Guarantee Company
91. Lanyon Solutions
92. Lawrence Public Schools
93. LAZ Parking
94. Magnolia Health Corporation
95. Main Line Health
96. Management Health Systems d/b/a MedPro Heathcare Staffing
97. Mansueto Ventures (on behalf of Inc.)
98. Maritz Holdings, Inc.
99. Masy Bioservices
100. Matric NAC and Matrix Service Company
101. MCM Staffing
102. Medieval Times
103. Meeting Street School
104. Mercy Housing
105. Michels (1,911)
106. Millenium Engineering and Integration
107. Mitchell International Inc.
     
108. Milwaukee Bucks
109. MNP on behalf of its affiliate, General Fasteners Company
110. Momentum for Mental Health
111. Monarch Beverage Company
112. Moneytree
113. Morongo Casino
114. MYR Group
115. Nation’s Lending Corporation
116. NetBrain 
117. Netcracker Technology
118. New Leaders
119. Nexion Healthcare Management, Inc.
120. NTT Data
121. O.C. Tanner 
122. Olympia School District
123. OpSec Security
124. PerkinElmer
125. Pharm-Olam International
126. PhysMed Management
127. Pivotal Software, Inc.
128. Polycom
129. Primary Residential Mortgage, Inc. (PRMI)
130. Proskauer Rose
131. Puppet, Inc.
132. Pure Integration, LLC
133. QTI Group
134. RagingWire Data
135. Relief International
136. Rhode Island Blood Center
137. Rightside
138. Robert Rauschenberg Foundation
139. Rockhurst University
140. RugDoctor
141. Ryman Hospitality Properties (Grand Ole Opry, WSM-AM, Wildhorse Saloon, four large resort hotels, two smaller hotels, a golf course, and Nashville’s General Jackson Showboat).
142. Saint Agnes Medical Center (2,800)
143. Saint Joseph’s Healthcare System
144. SalientCRGT
145. Santa Rosa Consulting
146. School Administrative District 4 (Maine)
147. Seagate Technology
148. Sequoia Union High School District
149. Seven Hills Foundation 
150. SevOne
151. Silicon Laboratories
152. Single Digits
153.  Snapchat
154. Solano Community College 
155. Spectrum, Inc.
156. Springfield City Utilities
157. Sprouts (21,000) 
158. Symphony EYC
159. Symphony Health Solutions Corp.
160. The Home for Little Wanderers 
161. Tidewater Community College (3,193) 
162. Tom McLeod Software Corps
163. Total Community Options Inc. DBA InnovAge
164. Tricerat, Inc.
165. Turner Construction 
166. Umstead Hotel & Spa
167. ValMark Securities
168. VBrick Systems
169. Verity Health System
170. Veterans Management Services
171. Washington Elementary School District 
172. Whiting-Turner Contracting Company (1,987)
173. WorkCare
174. Wynden Stark, dba GQR Global Markets/City Internships
175. York Hospital 
176. YourEncore