Tech ·cybersecurity

Another Company Succumbs to Phishing Attack

BYBarb Darrow
Lawmakers Trying To Avert Fiscal Cliff To Prevent Short-Term Shock To The Economy
W-2 wage and tax statement forms are arranged for a photograph in Washington, D.C., U.S., on Tuesday, Nov. 20, 2012. President Barack Obama expressed confidence that he and Congress would reach an agreement that will avoid the automatic spending cuts and tax increases that are scheduled to occur at the end of the year. The fiscal cliff is the $607 billion combination of automatic spending cuts and tax increases scheduled to take effect in January. Lawmakers are trying to avert the cliff to prevent a short-term shock to the economy and reach an agreement on long-term deficit reduction. Photographer: Andrew Harrer/Bloomberg via Getty Images
Andrew Harrer—Bloomberg via Getty Images

Pivotal is the latest company to fall prey to a phishing attack which apparently netted a good amount of personal employee data.

An email sent this week to employees, purportedly by Pivotal CEO Rob Mee, asked for payroll information. One recipient, thinking the message was legitimate, sent the W-2 tax information for all U.S. Pivotal employees to an unknown party.

Staff was informed of the incident by an internal company memo, which was viewed by Fortune, sent out late Thursday.

A spokesman confirmed the attack, which compromised payroll information for certain employees.

“We take privacy and security very seriously and have been working with law enforcement on this matter. We are continuing to investigate this matter and are working very hard to ensure the ongoing safety of our employees’ personal information. No customer information was compromised as part of this incident,” he said by email.

Subscribe to Data Sheet, Fortune’s technology newsletter.

To mitigate the impact, Pivotal told employees to file their tax returns as soon as possible. And, if they filed electronically and the return was not rejected, this year’s return should not be affected. If they filed a paper return, they were told to check its status on the IRS Where’s My Refund tool.

The company is hiring an ID monitoring service to help protect their information and will pay for three years of coverage and is setting up a call center hotline.

Phishing attacks, which dupe email recipients into revealing personal data, are on the rise. On March 1, the Internal Revenue Service issued an alert to human resources and payroll personnel.

In the alert, IRS commissioner John Koskinen warned of “a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data.”

How to Keep Hackers From Stealing Your Tax Refund

What’s new is that they’re targeting company payroll departments. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond,” he said in the statement.

Cybersecurity has a funding problem

Since that time several other companies have suffered phishing attacks, including Seagate (STX), Turner Construction, Snapchat (SNAPCHAT), Actifio, and others, according to CSOOnline.

This story was updated at 1:09 p.m. EDT with Pivotal comment.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward