Spoofing scam goes for the steal, scores Milwaukee Bucks' W-2 forms
Alley-oops: A Milwaukee Bucks employee was socially engineered into sending players' W-2 documents to a hacker.
Basketball fans have heard of the “Hack-a-Shaq” strategy. But yesterday, the NBA's Milwaukee Bucks franchise publicly acknowledged that the entire team was hacked — by a cybercriminal, that is.
In a statement, the Bucks reported a serious data breach after a hacker last month sent a team employee a spoofed email, impersonating team president Peter Feigin and requesting players' W-2 forms. Discovered on May 16, the breach allegedly exposed players' names, addresses, Social Security numbers, compensation figures and birth dates, according to a report by Yahoo Sports' The Vertical.
“We take this incident, and the privacy and security of our employees, very seriously,” said the Bucks in its statement. The team has launched an investigation, involving the league, players association, FBI and IRS, and also sent a letter to its players, offering credit monitoring and identity protection services. The Bucks also said it will institute additional preventative measures, including stronger privacy training.