More than 500 Wisconsin state employees fell prey for a phishing scam which compromised the tax records of as many as 50 employees.
The workers got a email that directed them to a bogus landing page that replicated the Department of Human Resources website and encouraged them to click on a link that would enable them to access W-2 information.
Those who filled the form gave their name, address, Social Security number, and bank account number to the scammer.
TPRM report: https://scoringcyber.rankiteo.com/company/state-of-wisconsin
"id": "sta2376522",
"linkid": "state-of-wisconsin",
"type": "Cyber Attack",
"date": "01/2016",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Public Administration',
'location': 'Wisconsin, USA',
'name': 'Wisconsin State Government',
'type': 'Government'}],
'attack_vector': 'Email',
'data_breach': {'number_of_records_exposed': '50',
'personally_identifiable_information': ['Name',
'Address',
'Social Security '
'number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Tax records',
'Personally Identifiable '
'Information',
'Financial Information']},
'description': 'More than 500 Wisconsin state employees fell prey to a '
'phishing scam which compromised the tax records of as many as '
'50 employees. The workers received an email that directed '
'them to a bogus landing page that replicated the Department '
'of Human Resources website and encouraged them to click on a '
'link that would enable them to access W-2 information. Those '
'who filled the form gave their name, address, Social Security '
'number, and bank account number to the scammer.',
'impact': {'data_compromised': ['Tax records',
'Name',
'Address',
'Social Security number',
'Bank account number']},
'initial_access_broker': {'entry_point': 'Email'},
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Social Engineering via Phishing '
'Email'},
'title': 'Phishing Scam Compromises Tax Records of Wisconsin State Employees',
'type': 'Phishing',
'vulnerability_exploited': 'Social Engineering'}