Companies: what to do if your W-2 data has been hacked

Recently, hackers have been trying a new tactic to steal people’s identities: they’re targeting company payroll departments. There have been a string of phishing emails sent to employees in a company’s human resources or payroll departments, which appear to come from a high-level executive within the firm. The email requests employees’ W-2 information. If the employee receiving such an email sends the information, then the hacker can use the social security information in the W-2s to file fraudulent tax returns for many unsuspecting victims.

It is important to beware of any requests to send sensitive information by email. If you receive such an email, contact the person who appears to have sent it to verify authenticity of the request. In the event that your information has already been compromised, here are some steps you should take immediately:

• Send an email with subject “W2 Data Loss” to dataloss@irs.gov to notify them of the breach. Include your contact information in the email, but do not include any private employee information.
• Contact the Federation of Tax Administrators. They can direct you on how to report compromised employee details in your state.
• Submit a complaint to your local law enforcement agency and/or to the FBI Internet Crime Complaint Center.
• Inform impacted employees about the breach so that they can take necessary steps to protect their identities.

Identity theft scams are getting more sophisticated by the day. It is critical companies to stay alert to advancing security issues and to have protocols in place to help limit the risk of a breach.