FBFG Investigating Potential Class Actions Relating To W-2 Phishing Scams

Be aware: your employer may be, if it already has not been, subjected to phishing attacks by cyber-thieves seeking to procure sensitive employee information such as names, addresses, and social security numbers.

Every employee is forced to trust their most basic personal identification information to their employer, including names, addresses, and perhaps most importantly social security numbers. Accordingly, employers owe a duty to their employees to securely maintain that information in confidence, and they must maintain sufficient safeguards to prevent criminals from accessing that information.

Unfortunately, many employers fail in this duty and fall victim to scams by cyber-thieves seeking emloyee’s sensitive information.  One such scam — a particular form of email phishing known as a Business Email Compromise (BEC) — impacted the employees of at least 200 different companies in 2017 and put more than 120,000 taxpayers at risk.

In a BEC, the cyber-thief typically poses as a company executive or other authorized person and sends an email to an employee with payroll access. The thief requests a list of all employees and their W-2 forms with a subject line similar to “review” or “request.” The payroll official, believing they are responding to an executive,discloses the information, and it can take weeks for someone to realize the data breach has happened.  Unfortunately, these thieves will oftentimes file fake tax returns within a day or two of the theft.Companies that have suffered a BEC in 2017 include Pacific Quest, Sunrun, Paratransit, INSYS Group, and Transperfect Global, among scores of others.

At the beginning of a new year, as companies begin to prepare tax statements such as W-2s/I-9s, cyber-attacks directed at stealing sensitive employee information often take place.  The IRS even held a National Tax Security Awareness Weekearlier this month “to encourage both individual and business taxpayers to take additional steps to protect their tax data and identities in advance of the 2018 filing season.”

Any potential data breach should be taken very seriously, as the personal harm that can result is limitless and may include fraud or identity theft.  Attorneys at Finkelstein, Blankinship, Frei-Pearson & Garber, LLP have successfully brought lawsuitson behalf of countless data breach victims.  If you or someone you know worked or currently works at a company that has suffered from a BEC attack or other data breach, please contact us to discuss your legal options.