Furniture manufacturer and retailer Mitchell Gold + Bob Williams mistakenly furnished a cybercriminal operation with its employees’ W-2 information after falling for a phishing scam that used a spoofed email address.
Local North Carolina news affiliate WSOC has reported that 1,100 employees are affected.
“We do not believe that the individual who obtained the employee information accessed our computer network or that our IT systems were otherwise compromised by this attack,” reads an official company statement addressing the stolen information.
Citing deputies and employees, WSOC has reported that the hackers have already started using the W-2 information to file fraudulent tax returns.
According to Mitchell Gold + Bob Williams, the attack occurred on Jan. 23. The Alexander County Sheriff’s Office and the FBI are working on the case, and the company has offered a $5,000 reward for information leading to an arrest. Additionally, the company contacted the IRS and relevant state attorneys general, and it offering free identity theft services to affected employees.