Tidewater Community College (TCC) in Norfolk, Va., reported that the tax information of all those employed at the school in 2015 was taken in a spear phishing scam.
How many victims? 3,000.
What type of information? The names, Social Security numbers, 2015 earnings, withholding and deduction information was compromised for current and former full-time, part-time wage, adjunct and student employees. The lost data did not include address, date of birth, spouse information, banking information or email addresses.
What happened? On March 2, 2016, a school employee responded to what was thought to be a legitimate request for this information from a TCC account. The request was, in fact, a phishing scam.
What was the response? TCC has implemented a cybersecurity training program for all employees who handle sensitive data. The school is conducting an investigation into the attack and is working with a credit monitoring service that claims it will help employees check to see if the stolen information is being used maliciously. It is also suggested that workers who have not done so should immediately file their tax return so the stolen tax information cannot be used by the criminals to file a fake return in their name.
Details? TCC said one of its employees was victimized by a spear-phishing attack. The malicious email asked for the W-2 information to be gathered and sent. The school is reporting that 16 people have already had a fake return submitted in their name, according to the Virginia Enterpise-Pilot.
Quote? "No amount of technology will prevent phishing, spear phishing or other kinds of attempted electronic fraud. The old saying, “Look before you leap,” applies here. If an email sounds strange or lacks the official TCC email signature – even though it appears to be from a close colleague – contact the supposed “sender” to authenticate it.”
Source: Tidewater Community College