DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

2016 W-2 data up for sale on the dark web (updated)

Posted on February 19, 2017 by Dissent

As regular readers know by now, DataBreaches.net has been compiling reported instances of W-2 phishing scams. As part of that investigation, I decided to take a quick look today at some dark net marketplaces to see if any data were up for sale. Brian Krebs had reported on this issue in January after finding a dedicated marketplace. I decided to check some others.

Within minutes, I found listings for 2016 W-2 data, although it is not clear from the listings where the data are from or how they were obtained. Here are some of the listings:

2016 W-2 data up for sale

 

2016 W-2 data up for sale
2016 W-2 data up for sale

DataBreaches.net attempted to find out whether the data in the first two listings might be from any of the known W-2 incidents. One vendor responded that most of the ones for sale are from Florida, while the rest are from Hawaii, North Carolina, South Carolina, and California. DataBreaches.net has reported on phishing incidents in schools in most of those states already, and is trying to obtain additional details from the vendor. The second vendor stated that all of his listings are from just one state, and I’m trying to find out which one. I’ve asked both vendors whether they’ll tell me if any are schools. 

The third listing linked to a sample with an unredacted W-2 form. The employer was not a firm that has reported having any breach this year, and an attempt to contact the employer was unsuccessful as the phone number obtained in a Google search has been disconnected.

Similarly, DataBreaches.net found another listing that is not being posted on this site just yet  because the sample image came from a college in Florida that has not disclosed any W-2 incident this year. DataBreaches.net called the college and left a detailed message with their campus security about the concern and offered to send them the information on the marketplace listing and the partial employee information that was visible in the listing. Although some of the information in the sample W-2 was redacted, DataBreaches.net was able to track down the employee whose W-2 this would be. The employee confirmed that the data were his data but because he admitted having a copy of his W-2 on his personal device, it’s still not clear whether there was a compromise at the college or a compromise of just the individual employee.

This post will be updated if more information becomes available.

Update 1: The vendor who indicated that all W-2’s were from one state indicated that the state was Florida, and that the source was companies (not schools).

Update 2, Feb. 20: The employee of the Florida college that I’m not naming at this time contacted me to say that he had checked and there was no copy of the W-2 on his personal devices. This morning, I spoke with the CIO of the college who had called me in response to my message yesterday, and they will be investigating. This post will be updated once they complete their investigation and let me know whether it appears that they have had a breach or not.

Update 3, March 6: See more about the college’s breach in this post.

Related posts:

  • Forbes Breach Email Statistics
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • A further 512 websites hacked and defaced by HaX.R00T
  • 1,355 Indian websites Hacked by hax.r00t n saadi Pakistani hackers
Category: Breach IncidentsID TheftPhishingU.S.

Post navigation

← Cleveland Food Bank Loses Personal Data for Dozens of Clients
OCR investigating CoPilot Provider Support Services breach; former employee lodged complaint →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.