Pivotal is the latest company to fall prey to a phishing attack which apparently netted a good amount of personal employee data.
An email sent this week to employees, purportedly by Pivotal CEO Rob Mee, asked for payroll information. One recipient, thinking the message was legitimate, sent the W-2 tax information for all U.S. Pivotal employees to an unknown party.
Staff was informed of the incident by an internal company memo, which was viewed by Fortune, sent out late Thursday.
A spokesman confirmed the attack, which compromised payroll information for certain employees.
"We take privacy and security very seriously and have been working with law enforcement on this matter. We are continuing to investigate this matter and are working very hard to ensure the ongoing safety of our employees' personal information. No customer information was compromised as part of this incident," he said by email.
Subscribe to Data Sheet, Fortune’s technology newsletter.
To mitigate the impact, Pivotal told employees to file their tax returns as soon as possible. And, if they filed electronically and the return was not rejected, this year's return should not be affected. If they filed a paper return, they were told to check its status on the IRS Where's My Refund tool.
The company is hiring an ID monitoring service to help protect their information and will pay for three years of coverage and is setting up a call center hotline.
Phishing attacks, which dupe email recipients into revealing personal data, are on the rise. On March 1, the Internal Revenue Service issued an alert to human resources and payroll personnel.
In the alert, IRS commissioner John Koskinen warned of "a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data."
What's new is that they're targeting company payroll departments. "If your CEO appears to be emailing you for a list of company employees, check it out before you respond," he said in the statement.
Cybersecurity has a funding problem
This story was updated at 1:09 p.m. EDT with Pivotal comment.