The form includes information about an employee’s name and address, Social Security number, wages, federal income tax withheld, state and local income tax, dependent care benefits, and other sensitive information. According to a person familiar with the matter at TransPerfect no client data was compromised.
The e-mail from HR said the theft affects “team members employed by TransPerfect Global Inc. in 2015.” In addition, a number of current employees’ payroll information from the period ended January 13, 2017 was also compromised.
The W-2 phishing scheme is a well known attack. The US Internal Revenue Service issued an alert on March 1, 2016 to payroll and HR professionals warning of an “emerging phishing e-mail scheme,” which specifically targets the payroll data “including Forms W-2 that contain Social Security numbers and other personally identifiable information.” On January 25, 2017, the IRS reissued the alert.
According to the IRS, cybercriminals attempt to “monetize data, including by filing fraudulent tax returns for refunds.”
TransPerfect’s HR urges those affected to take steps to protect their identity, including submitting a so-called Identity Theft Affidavit to the IRS, and filing their 2016 tax return as soon as possible.
The company has also notified the New York Police Department and federal law enforcement. Furthermore, TransPerfect says it is offering affected current and former staff “2 free years of credit monitoring, identity theft protection, and Fraud Resolutions services through Experian.”
The data theft could potentially add to TransPerfect’s legal woes. Seagate, another high-profile victim of the same scheme, was sued by angry employees in a class-action lawsuit filed in July 2016. On December 19, 2016, a Kansas Judge denied a motion to dismiss a class-action suit filed over a similar data theft by staff of healthcare company CareCentrix. Other victims of the scheme include Phoenix-based Sprouts Farmers Market and Renovate America, and others.
