Brunswick Corp. was victimized by a spearsphishing scam that netted the W-2 information for possibly all 13,000 current and former company employees.
How many victims? Up to 13,000.
What type of information? The names, social security numbers, 2015 earnings, withholding and deduction information was compromised for current and former full and part-time workers. Brunswick Corp., whose subsidiaries include outboard motor manufacturer Mercury Marine, said customer data was not involved in the breech.
What happened? On April 29, 2016 a Brunswick employee responded to what was thought to be a legitimate email from management requesting the W-2 information. In fact, the data was sent to an unknown and unauthorized and individual.
What was the response? The Brunswick employee who was phished and sent the W-2 information told management of the mistake later that day. The company notified the IRS along with the potentially affected employees by email. The company is offering credit monitoring and identity theft assistance services and ID theft insurance free to every affected person.
Quote? “At this time, the Company has no reason to believe that its information systems or any customer data or other employee information have been compromised. Brunswick noted that this was not a technical intrusion of its information systems, but rather a criminal scam that plays on human nature.”