It’s nice to see this site’s findings agree with government assessments of a problem. It’s also nice to see our efforts put to good use.
Steve Ragan has a new piece on Salted Hash with an update on BEC attacks, including those targeting W-2 information. DataBreaches.net has already compiled more than 200 instances of W-2 BEC compromises this year, and anticipates more before the year is over. Using our findings, Steve had calculated that more than 120,000 taxpayers had already been impacted by March, and that number is sure to climb, too.
Steve also noted an incident report that this site had footnoted in our list because it could make grown security professionals weep:
In March, when Vertical Bridge, LLC reported their W-2 data breach, the company noted that the employee who fell for the BEC scam had recently completed awareness training “designed to prevent this kind of situation.”
Read more on CSO Online for other statistics on this type of attack.
Great thanks to the Maryland Attorney General’s Office for their cooperation with my requests for breach notifications. I hope the ITRC is able to get reports from New York in response to their FOIA request, and if anyone else obtains reports under FOIA and wants to share them with the public, send them on to me for inclusion in our 2017 list.