A hackers accessed an email containing an attachment which included 2015 W-2 tax forms for all salaried and hourly employees, including some former employees.
The compromised information included names, addresses, Social Security numbers and earnings, but not dates of birth.
The company immediately took action and advised employees not to share sensitive personnel information through email.
TPRM report: https://scoringcyber.rankiteo.com/company/opsec-security-inc
"id": "ops11419522",
"linkid": "opsec-security-inc",
"type": "Breach",
"date": "03/2016",
"severity": "65",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'type': 'Company'}],
'attack_vector': 'Email',
'data_breach': {'file_types_exposed': 'W-2 tax forms',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'addresses',
'Social Security numbers',
'earnings']},
'description': 'Hackers accessed an email containing an attachment which '
'included 2015 W-2 tax forms for all salaried and hourly '
'employees, including some former employees. The compromised '
'information included names, addresses, Social Security '
'numbers and earnings, but not dates of birth. The company '
'immediately took action and advised employees not to share '
'sensitive personnel information through email.',
'impact': {'data_compromised': ['names',
'addresses',
'Social Security numbers',
'earnings']},
'initial_access_broker': {'entry_point': 'Email'},
'response': {'communication_strategy': 'Advised employees not to share '
'sensitive personnel information '
'through email'},
'threat_actor': 'Hackers',
'title': 'Email Attachment Data Breach',
'type': 'Data Breach'}