So this is not a W-2 phishing situation, but TALX – a wholly-owned subsidiary of Equifax – is working with Entergy to notify former and current Entergy employees whose 2016 W-2 data may have been acquired by criminals from the TALX portal.
In a letter to the New Hampshire Attorney General’s Office, counsel for TALX writes that
TALX recently learned of potentially unauthorized access to certain Entergy employees’ online portal accounts and electronic W-2 tax forms for tax year 2016 or earlier.
And as Entergy told affected employees in their notification letter that stressed that 2017 tax forms were not involved, but early years’ forms were:
TALX believes that an unauthorized third party gained access to the accounts primarily by sucessfully answering personal questions about the affected employees in order to reset the employees’ PINS (i.e., the the password to access the online portal). There is no indication that TALX or Entergy were the source of any of the information used to reset the PINS and access the accounts.
TALX has arranged for two years of complimentary restoration and assistance help for affected Entergy employees.