Application security, Breach, Threat Management, Data Security

How sweet it isn’t: W-2s of 3K Amalgamated Sugar workers exposed

Nearly three thousand workers at Boise, Idaho-based Amalgamated Sugar have received notifications of an intruder accessing the company's network and their personal information being disclosed.

How many victims? Nearly 3,000 current workers at Amalgamated Sugar and those hired in 2016.

What type of information? All the basic personal data contained on a W-2 was lost to cybercriminals.

What happened? A hacker posing as the company's CEO sent an email to an employee in the corporate office requesting W-2s. Believing the authentic-looking email was legitimate (the email address appeared to come from the CEO), the unwitting employee complied with the request and emailed 2016 W-2s of employees at several of the company's facilities to the hacker.

What was the response? Company officials are investigating the incident and are working with law enforcement. A company lawyer said further information will be provided to employees within the next few days. He advised employees to place a fraud alert on credit files and notify the major credit bureaus so they would receive an alert should anyone attempt to open a new account in their name or change an existing account. Further, he advised employees to keep an eye out for suspicious activity on their credit statements

Quote: “We greatly regret this breach has occurred." – Scott Blickenstaff, general counsel for the Snake River Sugar Company/The Amalgamated Sugar Company, LLC.

Source: KM-TV / Sacramento Bee.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.