DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Taconic Biosciences settles lawsuit stemming from 2017 W-2 phishing breach (updated)

Posted on October 8, 2019 by Dissent

One of the victim companies of a W-2 phishing attack that this site reported in 2017 was a New York firm called Taconic Biocences.  A copy of their notification to the Maryland Attorney General’s Office is still available online, here.

Recently, News10 in New York reported that there has been a $2.7 million settlement in a lawsuit against the firm. It appears that although Taconic Biosciences had offered those affected two years of complimentary membership to Experian’s ProtectMyID product, there was a lawsuit filed anyway.

News10 reports:

As part of the settlement, Taconic is required to provide two years of comprehensive identity theft protections, pay up to $3,000 to the victims involved, and pay for legal fees and costs.

However, under the settlement, Taconic is not being held at fault.

Victims have until July 15, 2020 to file for benefits under the settlement.

I haven’t seen too many cases like this following successful W-2 phishing attacks, and I wonder if they settled because H.I.G. Capital acquired Taconic Biosciences in February and wanted to move on from the litigation or if there was some other reason.

McNamee Lochner is the law firm that represented the plaintiffs in the suit.  In a press release issued October 2, they stated that hundreds of individuals had their personal information compromised in the breach. There were 665 certified class members in the lawsuit.

It was not clear from their press release, however, whether any of the current or former employees actually became victims of tax refund fraud. DataBreaches.net reached out to the law firm’s press contact on October 3, and although we made contact and there have been multiple requests for a response, this site has received no answers to some questions, questions which included  whether any employees or class members had actually experienced tax refund fraud or identity theft (see below for Update to this post).


Update:  This site has now received some answers to questions that clarify a few points.

First, with respect to the question of whether any class members had actually experienced tax refund fraud based on their 2017 W-2 compromise, the law firm answered:

While we are aware of many clients who had fraudulent tax refunds. However, not all members of the class were individually represented by ML

The law firm also states that they were aware of “several cases of non-tax related fraud.”

They declined to provide a copy of the phishing email itself.

But it does appear that at least some employees experienced concrete harm that might reasonably be linked to the breach, so maybe that’s why the firm settled. It can’t be good when your own employees are so upset with you for aggravation they are experiencing, and if the settlement is what it took to restore a more productive environment, then it may be a smart move — particularly if there was any insurance that might help offset the costs.

Related:

  • Victims of W-2 phishing scams (2017 list)
  • The Ransomware Superhero of Normal, Illinois
  • T-Mobile customers affected by the Experian breach…
  • EXCLUSIVE: U.S. Info Search is responsible for…
  • TX: Statement and Frequently Asked Questions about…
Category: Breach IncidentsBusiness SectorCommentaries and AnalysesPhishingU.S.

Post navigation

← Records of 650 patients on missing computer hard drive: Alberta Health Services
DEVELOPING: Click2Mail investigating reports of a breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.