The California Office of the Attorney General reported a data breach involving NSC Technologies, LLC, on March 16, 2017. The breach occurred when an online hacker impersonated the company's CEO and deceived the payroll department into sending employee IRS W-2 forms on March 2, 2017. The affected information includes names, addresses, social security numbers, and income details from the W-2 forms for an unspecified number of individuals.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-66949
TPRM report: https://www.rankiteo.com/company/nscstaffing
"id": "nsc308072725",
"linkid": "nscstaffing",
"type": "Breach",
"date": "3/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'name': 'NSC Technologies, LLC', 'type': 'Company'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['W-2 Forms'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Financial Information']},
'date_detected': '2017-03-16',
'date_publicly_disclosed': '2017-03-16',
'description': "An online hacker impersonated the company's CEO and deceived "
'the payroll department into sending employee IRS W-2 forms.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Social Security Numbers',
'Income Details'],
'identity_theft_risk': 'High'},
'initial_access_broker': {'entry_point': 'Phishing Email'},
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Social Engineering'},
'references': [{'date_accessed': '2017-03-16',
'source': 'California Office of the Attorney General'}],
'threat_actor': 'Online Hacker',
'title': 'Data Breach at NSC Technologies, LLC',
'type': 'Data Breach',
'vulnerability_exploited': 'Social Engineering'}