Another day, another phishing for W-2 incident. WFRV reports that Mercury Marine issued a press release today stating that its parent company, Brunswick Corporation, had been a victim of an email phishing scam. Brunswick, who had more than 13,000 employees globally in 2015, issued the following statement today: Brunswick Corporation today reported it has been the victim of an email phishing incident…
Category: Business Sector
Stanford University continues to investigate breach involving employee W-2 data
There’s been an update to a previously noted breach report out of Stanford University. On April 12, I had reported that compromise of employees’ W-2 data had been linked to the university’s service vendor, W-2 Express, a service of Equifax. The breach did not appear to involve a breach of W-2 Express’s system or of Stanford University’s network. Rather,…
Payroll vendor employee falls for phishing scam, all clients’ W-2 data involved
It is bad enough when an employee falls for a phishing scheme that exposes fellow employees’ W-2 information. It is downright painful when an employee of a payroll services vendor falls for a scam and emails every clients’ W-2 data to criminals. Sadly, that is what happened to Alpha Payroll Services LLC. Read my story on Daily Dot.
How the Pwnedlist Got Pwned
Brian Krebs reports: Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them…
Federal contractor with cybersecurity ties notifies employees after W-2 info acquired by targeted phishing
I’ve continued to add entities to my list of firms or entities where employee W-2 information was successfully phished by emails purporting to be from an entity’s executive. One notification I read this morning made me cringe because the firm that was successfully phished has contracts with the government involving mission critical systems for U.S. and coalition…
Some Users of InnerChef Had Info Hacked and Leaked
Siriam Sharma reports: An anonymous hacker has been able to infiltrate food delivery startup InnerChef‘s servers, and has leaked a partial list of names, phone numbers, and email addresses used at registration to demonstrate the exploit. Gadgets 360 confirmed the data breach by calling and verifying three of the phone numbers provided in the list…