St. Agnes Medical Center in Fresno, Calif., reported that about 2,800 staffers had their W-2 information compromised by a spearphishing attack earlier this month.
How many victims? 2,812
What type of information? The criminal was able to obtain the 2015 W-2 data for all Saint Agnes employees, which included name, address, salary information, withholding information and Social Security number.
What happened? On May 2 a hospital staffer received an email purportedly from St. Agnes CEO Nancy Hollingsworth asking that the employees' 2015 W-2 information be emailed to her. The worker was fooled by the deceptive email and sent the requested information exposing the data.
What was the response? St. Agnes has since contacted the California Attorney General and the hospital is offering one year of membership with Experian's ProtectMyID Elite.
Quote? "We were the target of what is known as a BEC (Business Email Compromise/Correspondence) attack, which typically focuses on tax information that can be used to obtain fraudulent returns. As a result of the BEC attack, the information from W-2s of all individuals employed by Saint Agnes Medical Center during calendar year 2015 has been compromised.
Source: Saint Agnes Medical Center