Eurostar has forced all of its customers to reset their passwords after detecting an `` unauthorised attempt '' to hack into its systems and access their accounts . Customers reported receiving an email on Tuesday stating that the company had identified an attempt to access eurostar.com accounts using users ' email and passwords between the 15 and 19 of October . Eurostar confirmed that credit card details and payment details were not compromised Attack.Databreach because the company does not store that information online . Eurostar has yet to confirm how many people have been affected by this data breach Attack.Databreach or whether any data has been taken Attack.Databreach . The company has reported the data breach Attack.Databreach to the Information Commissioner 's Office . `` We have taken this action as a precaution because we identified what we believe to be an unauthorised automated attempt to access Attack.Databreach eurostar.com accounts using your email address and password , '' the company told customers . `` We 've since carried out an investigation which shows that your account was logged into between the 15 and 19 October . If you did n't log in during this period , there 's a possibility your account was accessed Attack.Databreach by this unauthorised attempt . '' Customers were told to check their accounts for `` anything unusual '' and update login details on any other site where they use the same password . A Eurostar spokesman said : `` This email was sent after we identified what we believe to be an unauthorised automated attempt to access customer accounts , so as a precaution , we asked all account holders to reset their password . We deliberately never store any payment details or bank card information , so there is no possibility of those being compromised Attack.Databreach . '' An ICO spokesman said : “ We ’ ve received data breach Attack.Databreach report from Eurostar and are making enquiries. ” Last week , British Airways revealed that almost 200,000 further passengers may have had their personal data stolen Attack.Databreach by hackers in the September attack Attack.Databreach in what experts described as one of the biggest breaches Attack.Databreach of consumer data the UK had ever seen .

In wake of last week ’ s ransomware attack Attack.Ransom , technology specialists warn that ‘ paying money Attack.Ransom to a criminal is never a good idea ’ Cybersecurity experts have warned businesses against meeting hackers ’ demands for money Attack.Ransom in the wake of the “unprecedented” attack Attack.Ransom on hundreds of thousands of computer systems around the world . Ransomware is a type of malicious software that blocks access to a computer or its data and demands money Attack.Ransom to release it . The worm used in Friday ’ s attack Attack.Ransom , dubbed WannaCry or WanaCrypt0r , encrypted more than 200,000 computers in more than 150 countries for ransoms Attack.Ransom of $ 300 to $ 600 to restore access . The full damage of the attack and its economic cost was still unclear , but Europol ’ s director , Rob Wainwright , said its global reach was precedented , and more victims were likely to become known in the coming days . The extent of the WannaCry attack Attack.Ransom prompted questions about what to do in the event of a ransomware infection , with many experts advising against paying the ransom Attack.Ransom , saying not only could it fail to release the data , it could expose victims to further risk . Peter Coroneos , the former chief executive of the Internet Industry Association and an expert on cyber policy , said whether or not to agree to ransomware demands Attack.Ransom presented practical and ethical dilemmas . “ These people are criminals , and paying money to a criminal is never a good idea . However , if it ’ s a trade-off between losing your lifetime ’ s family photos and making a payment Attack.Ransom to a criminal , then it ’ s up to the individual to make that judgment call . “ It would be very hard to walk away. ” But Gregory said it would be “ self-defeating ” for hackers not to release data upon receipt of a ransom Attack.Ransom , “ because that would immediately hit the media , and no one would pay ” . But not all ransomware attacks Attack.Ransom were motivated by financial gains , he added . “ If they ’ re a professional criminal organisation , their business model will be to release people ’ s computers once they ’ ve paid the money Attack.Ransom , but you don ’ t know . It could be someone having a laugh , or someone who ’ s trying to learn , or someone who ’ s released it accidentally . “ You just do not know – that ’ s the problem. ” With such attacks hitting computer systems at an “ ever-increasing rate ” , Gregory said prevention was the best course of action . With outdated operating systems “ easy targets ” , he urged individuals and businesses to automate updates and invest in software that protected against viruses , malware and ransomware across not only their computers , but tablets and mobile phones as well . “ It ’ s a combination of factors that will keep people safe ... For individuals , families have got to work together and companies have to take the time to ensure that their cybersecurity practices are up to date. ” Gregory recommended regular if not daily backups of personal data , which would allow victims to wipe the infected computer , reload their data , and start again .

The city has spent the past two weeks restoring online services disrupted Attack.Ransom by ransomware that held encrypted data hostage . Soon after Atlanta City Auditor Amanda Noble logged onto her work computer the morning of March 22 , she knew something was wrong . The icons on her desktop looked different—in some cases replaced with black rectangles—and she noticed many of the files on her desktop had been renamed with “ weapologize ” or “ imsorry ” extensions . Noble called the city ’ s chief information security officer to report the problem and left a message . Next , she called the help desk and was put on hold for a while . “ At that point , I realized that I wasn ’ t the only one in the office with computer problems , ” Noble says . Those computer problems were part of a high-profile “ransomware” cyberattack Attack.Ransom on the City of Atlanta that has lasted nearly two weeks and has yet to be fully resolved . During that time the metropolis has struggled to recover encrypted data on employees ’ computers and restore services on the municipal Web site . The criminals initially gave the city seven days to pay Attack.Ransom about $ 51,000 in the cryptocurrency bitcoin to get the decryption key for their data . That deadline came and went last week , yet several services remain offline , suggesting the city likely did not pay the ransom Attack.Ransom . City officials would not comment on the matter when contacted by Scientific American . The Department of Watershed Management , for example , still can not accept online or telephone payments for water and sewage bills , nor can the Department of Finance issue business licenses through its Web page . The Atlanta Municipal Court has been unable to process ticket payments either online or in person due to the outage and has had to reschedule some of its hearings . The city took down two of its online services voluntarily as a security precaution : the Hartsfield–Jackson Atlanta International Airport wi-fi network and the ability to process service requests via the city ’ s 311 Web site portal , according to Anne Torres , Atlanta ’ s director of communications . Both are now back online , with airport wi-fi restored Tuesday morning . The ransomware used to attack Atlanta is called SamSam . Like most malicious software it typically enters computer networks through software whose security protections have not been updated . When attackers find Vulnerability-related.DiscoverVulnerability vulnerabilities in a network , they use the ransomware to encrypt files there and demand payment Attack.Ransom to unlock them . Earlier this year attackers used a derivative of SamSam to lock up files at Hancock Regional Hospital in Greenfield , Ind . The health care institution paid Attack.Ransom nearly $ 50,000 to retrieve patient data . “ The SamSam ransomware used to attack Attack.Ransom Atlanta is interesting because it gets into a network and spreads to multiple computers before locking them up , ” says Jake Williams , founder of computer security firm Rendition Infosec . “ The victim then has greater incentive to pay a larger ransom Attack.Ransom in order to regain control of that network of locked computers. ” The city ’ s technology department—Atlanta Information Management ( AIM ) —contacted local law enforcement , along with the FBI , Department of Homeland Security , Secret Service and independent forensic experts to help assess the damage and investigate the attack . The attackers set up Attack.Ransom an online payment portal for the city but soon took the site offline after a local television station published a screen shot of the ransom note , which included a link to the bitcoin wallet meant to collect the ransom Attack.Ransom . Several clues indicate Atlanta likely did not pay Attack.Ransom the attackers , Williams says . “ Ransomware gangs typically cut off communications once their victims get law enforcement involved , ” he says . “ Atlanta made it clear at a press conference soon after the malware was detected ” that they had done so . The length of time it has taken to slowly bring services back online also suggests the cyber criminals abandoned Atlanta without decrypting the city ’ s files , Williams says . “ If that ’ s the case , the city ’ s IT staff spent the past week rebuilding Atlanta ’ s online systems using backed-up data that had not been hit Attack.Ransom by the ransomware , ” he says , adding that any data not backed up is likely “ lost for good. ” “ If the city had paid the ransom Attack.Ransom , I would have expected them to bring up systems more quickly than they have done , ” says Justin Cappos , a professor of computer science and engineering at New York University ’ s Tandon School of Engineering . “ Assuming the city did not pay the ransom Attack.Ransom , their ability to recover their systems at all shows that they at least did a good job backing up their data . ”

US Postal Service website flaw was patched Vulnerability-related.PatchVulnerability this week but reported Vulnerability-related.DiscoverVulnerability by a security researcher a year ago . The US Postal Service has fixed Vulnerability-related.PatchVulnerability a security bug in its website that allowed anyone with an account to see the account details of the site 's 60 million users . The flaw was patched Vulnerability-related.PatchVulnerability this week after USPS was informed Vulnerability-related.DiscoverVulnerability of the issue by Krebs on Security , which reports that an unnamed independent researcher reported Vulnerability-related.DiscoverVulnerability the bug a year ago but never received a response . According to Krebs , the flaw was caused by an authentication weakness in the application programming interface ( API ) on usps.com that supported the USPS 'Informed Visibility ' program , which offers business customers `` near real-time tracking data '' about mail campaigns and packages . The bug let anyone who was logged in to usps.com to see account details for others users , including email address , username , user ID , account number , street address , phone number , authorized users , mailing campaign data and more . Krebs notes that the `` API also let any user request account changes for any other user , such as email address , phone number or other key details '' . USPS said in a statement it had no information that the vulnerability had been used to access customer records . `` Computer networks are constantly under attack Attack.Databreach from criminals who try to exploit vulnerabilities to illegally obtain Attack.Databreach information . Similar to other companies , the Postal Service 's Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity , '' USPS said . `` Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously . Out of an abundance of caution , the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law . '' However , a recent vulnerability assessment of the Informed Visibility program by the Office of Inspector General of the US Postal Service turned up weaknesses , including a lack of audit logs , in the Informed Visibility database . The partially redacted audit report , published in October , assessed 13 Informed Visibility ( IV ) servers . It found overall compliance with Postal Service server configuration baselines , but weakness in the IV database 's account-management systems . `` We identified weaknesses in account management controls , specifically with password complexity , disabling user accounts , and maintaining audit logs , '' the OIG report notes . `` Without account management controls , the IV system is at risk for [ redacted ] . Further , if expired accounts are not disabled in a timely manner , this increases the duration that Postal Service information resources are vulnerable to compromise . `` Additionally , without audit logs , the Postal Service would not be able to obtain sufficient detail to reconstruct activities in the event of a compromise or malfunction '' . USPS has faced scrutiny in the past , after a 2014 hack exposed Attack.Databreach personal information on 800,000 employees , 485,000 workers ' compensation records , and 2.9 million customer-inquiry records . The OIG in 2015 criticized the USPS for focusing on compliance and failing to foster a `` culture of effective cybersecurity across the enterprise '' .

LabCorp , one of the largest clinical labs in the U.S. , said the Samsam ransomware attack Attack.Ransom that forced their systems offline was contained quickly and did n't result in a data breach Attack.Databreach . However , in the brief time between detection and mitigation , the ransomware was able to encrypt thousands of systems and several hundred production servers . The wider public first learned about the LabCorp incident on Monday , when the company disclosed it via an 8-K filing with the SEC . Since then , as recovery efforts continue , the company said they 're at about 90-percent operational capacity . According to sources familiar with the investigation , the Samsam attack Attack.Ransom at LabCorp started at midnight on July 13 . This is when the Samsam group used brute force against RDP and deployed ransomware by the same name to the LabCorp network . At 6:00 p.m. on Saturday , July 14 , the first computer was encrypted . The LabCorp SOC ( Security Operation Center ) immediately took action after that first system was encrypted , alerting IR teams and severing various links and connections . These quick actions ultimately helped the company contain the spread of the infection and neutralize the attack within 50 minutes . However , before the attack was fully contained , 7,000 systems and 1,900 servers were impacted . Of those 1,900 servers , 350 were production servers . The analysis and recovery continued at that point . This led the company to confirm the source of the attack as a brute forced RDP instance , and confirm that only Windows systems were impacted . According to NetFlow management and traffic monitoring , nothing left the network during the attack , so the company is confident that there was no data breach Attack.Databreach . Given the RDP connection to this attack , and the fact that most attacks of this nature are bi-directional , LabCorp will likely implement two-factor authentication in the future . It is n't clear if the company has a timeline for these changes , or if two-factor authentication was already in place at the time of the attack . Salted Hash has reached out to LabCorp for additional comment and will update should they respond . However , because LabCorp was able to detect and respond to the attack quickly , they likely saved themselves from costly and lengthy outages . It 's also likely that backups ( tested and current ) played a large role in the recovery phase of the incident . The last time the Samsam group was in the news , they had attacked the Colorado Department of Transportation twice in two weeks and the City of Atlanta . In March , based on the current value of Bitcoin at the time , it was estimated that the group had earned nearly $ 850,000 USD from their victims , who paid the ransom demands Attack.Ransom .

Conmen are taking phishing scams Attack.Phishing to the next level , targeting Apple users with emails and calls to a fake Apple Care service . While emails are a fairly common way of luring Attack.Phishing victims , it ’ s not every day that you hear about calls being involved to dupe Attack.Phishing folks . Ars Technica reports that the attack Attack.Phishing begins with an email which is designed to look like Attack.Phishing an official iCloud account warning . It claims a sign-in attempt was blocked on their account since someone tried to use their password . There ’ s a “ Check Activity ” button which opens up a page on a compromised site for a men ’ s salon in South India . The webpage immediately redirects Attack.Phishing the victim to another site , followed by another redirection to a fake Apple Support page asking them to contact support since their iPhone has been locked due to illegal activity . If they fall for the bait Attack.Phishing , the site launches a “ scanning ” box which eventually gives way to a pop-up box prompting the victim to call a number . If the email is opened in an iPhone , the number can be called straightaway . iPads and Macs can ’ t do the same , so the system will ask if they want to open it in FaceTime . The publication actually dialed the number and got in touch with someone who described themselves as “ Lance Roger from Apple Care. ” It seems the elaborate scheme is targeting email addresses associated with iCloud . The end game is to trick Attack.Phishing iPhone users into enrolling in a rogue mobile device management service . This allows the attackers to push infected apps onto the victim ’ s device , all the while pretending Attack.Phishing this is a part of Apple ’ s security service . The phishing site is still live right now , but both Google and Apple have marked it as deceptive . Ars Technica has additionally passed on the technical details of the scam to an Apple security team member . The company told Engadget that it has resources on its support website to help people tell right from wrong . Everyday iOS users could still easily get fooled though .

Attacker forges Attack.Phishing security certificates , sends Attack.Phishing emails to government offices and private citizens . In the past few days , the National Authority for Cyber Security has seen evidence of planned cyber attacks on various targets in the Israeli marketplace . The Authority analyzed the evidence and uncovered the attacker 's plan , as well as the different points of application he had used . Their analysis showed the attacker sent Attack.Phishing emails under the guise of a legitimate organization and attempted to attack Attack.Phishing 120 organizations , government offices , public institutions , and private citizens . He also forged Attack.Phishing security certificates , masquerading as Attack.Phishing a safe company . The National Authority for Cyber Security is continuing its efforts to block the threat , and is working to publish guidelines and suggestions to help the Israeli marketplace avoid future attacks of the same type . The guidelines will be published on the Authority 's website .

Services are being restored to the St. Louis Public Library computer system after a ransomware attack Attack.Ransom last Thursday impacted access to machines and data at all 17 branches . Library management refused to pay Attack.Ransom the $ 35,000 demanded as ransom Attack.Ransom , and IT staff wiped affected servers and restored them from available backups . On Friday , the library was able to restart its circulation workflow , and patrons were able to check out books at all locations . By Saturday , checkout and returns systems were at 100 percent availability , and now only the library ’ s reserve system remains to be restored . That work began on Monday and is expected to be up and running shortly . Executive director Waller McGuire said the library immediately reached out to the FBI for help with the investigation , and it ’ s not clear where the infection began , nor how it spread throughout the library network . “ The real victims of this criminal attack are the Library ’ s patrons . SLPL has worked hard to open a secure but widely available digital world to the people of St. Louis , and I am sorry it was interrupted , ” McGuire said in a letter to library patrons published on Monday . “ An attempt to hold information and access to the world for ransom Attack.Ransom is deeply frightening and offensive to any public library , and we will make every effort to keep that world available to our patrons ” . McGuire also said that patrons ’ personal and financial information is not stored on its servers , and none of that data was impacted by the attack . Louis Public Library has been working with the FBI to identify how criminals broke into our system and correct the problem , ” McGuire said . “ I apologize to patrons for any inconvenience this incident has caused : on most days thousands of St. Louis Public Library patrons check out materials and use computers for many purposes ” . A request for additional comment from McGuire was not returned in time for publication . It ’ s unknown which ransomware family was used to attack the library , nor how the infection started . McGuire said in his letter to patrons that criminals broke into the library network and installed malware . This runs contrary to most ransomware infections where the malware is spread in spam or phishing emails enticing the victim to open a malicious email attachment or click on a link in the message that downloads the malware . The St. Louis library is the latest in a growing list of high-profile businesses and public services falling victim to ransomware . Less than a year has passed since the Hollywood Presbyterian attack Attack.Ransom , in which a $ 17,000 ransom was paid Attack.Ransom , and the Kentucky Methodist Hospital attack Attack.Ransom , in which officials reportedly refused to pay Attack.Ransom . The University of Calgary also fell victim as have other colleges , universities , local law enforcement and government agencies , and entertainment organizations .

Services are being restored to the St. Louis Public Library computer system after a ransomware attack Attack.Ransom last Thursday impacted access to machines and data at all 17 branches . Library management refused to pay Attack.Ransom the $ 35,000 demanded as ransom Attack.Ransom , and IT staff wiped affected servers and restored them from available backups . On Friday , the library was able to restart its circulation workflow , and patrons were able to check out books at all locations . By Saturday , checkout and returns systems were at 100 percent availability , and now only the library ’ s reserve system remains to be restored . That work began on Monday and is expected to be up and running shortly . Executive director Waller McGuire said the library immediately reached out to the FBI for help with the investigation , and it ’ s not clear where the infection began , nor how it spread throughout the library network . “ The real victims of this criminal attack are the Library ’ s patrons . SLPL has worked hard to open a secure but widely available digital world to the people of St. Louis , and I am sorry it was interrupted , ” McGuire said in a letter to library patrons published on Monday . “ An attempt to hold information and access to the world for ransom Attack.Ransom is deeply frightening and offensive to any public library , and we will make every effort to keep that world available to our patrons ” . McGuire also said that patrons ’ personal and financial information is not stored on its servers , and none of that data was impacted by the attack . Louis Public Library has been working with the FBI to identify how criminals broke into our system and correct the problem , ” McGuire said . “ I apologize to patrons for any inconvenience this incident has caused : on most days thousands of St. Louis Public Library patrons check out materials and use computers for many purposes ” . A request for additional comment from McGuire was not returned in time for publication . It ’ s unknown which ransomware family was used to attack the library , nor how the infection started . McGuire said in his letter to patrons that criminals broke into the library network and installed malware . This runs contrary to most ransomware infections where the malware is spread in spam or phishing emails enticing the victim to open a malicious email attachment or click on a link in the message that downloads the malware . The St. Louis library is the latest in a growing list of high-profile businesses and public services falling victim to ransomware . Less than a year has passed since the Hollywood Presbyterian attack Attack.Ransom , in which a $ 17,000 ransom was paid Attack.Ransom , and the Kentucky Methodist Hospital attack Attack.Ransom , in which officials reportedly refused to pay Attack.Ransom . The University of Calgary also fell victim as have other colleges , universities , local law enforcement and government agencies , and entertainment organizations .

Phishing Attack.Phishing and other hacking incidents have led to several recently reported large health data breaches Attack.Databreach , including one that UConn Health reports affected 326,000 individuals . In describing a phishing attack Attack.Phishing , UConn Health says that on Dec 24 , 2018 , it determined that an unauthorized third party illegally accessed Attack.Databreach a limited number of employee email accounts containing patient information , including some individuals ' names , dates of birth , addresses and limited medical information , such as billing and appointment information . The accounts also contained the Social Security numbers of some individuals . Several other healthcare entities also have recently reported to federal regulators data breaches Attack.Databreach involving apparent phishing Attack.Phishing and other email-related attacks . `` All of these incidents speak to the rampant attacks we are seeing across healthcare , and yet organizations are still not investing enough in protection or detection , '' says Mac McMillan , CEO of security consulting firm CynergisTek . UConn Health , an academic medical center , says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromised Attack.Databreach email accounts . For approximately 1,500 of these individuals , this information included Social Security numbers . `` It is important to note that , at this point , UConn Health does not know for certain if any personal information was ever viewed or acquired Attack.Databreach by the unauthorized party , and is not aware of any instances of fraud or identity theft as a result of this incident , '' the statement notes . `` The incident had no impact on UConn Health 's computer networks or electronic medical record systems . '' UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted . The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter . Once the U.S.Department of Health and Human Services confirms the details , the attack Attack.Databreach on UConn Health could rank as the second largest health data breach Attack.Databreach reported so far this year , based on a snapshot of its HIPAA Breach Reporting Tool website on Monday . The largest health data breach Attack.Databreach revealed so far this year , but not yet added to the tally , affected University of Washington Medicine . UW Medicine says a misconfigured database left patient data exposed Attack.Databreach on the internet for several weeks last December , resulting in a breach Attack.Databreach affecting 974,000 individuals . Several other phishing Attack.Phishing and hacking incidents have been added to the HHS `` wall of shame '' tally in recent weeks . Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates . In a statement , the organization notes that on Dec 5 , 2018 , it discovered it had been the target of a `` criminal malware attack . '' An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware , but did not definitively determine how the malware infection was launched . The practice suspects the malware was likely embedded in an email attachment , he says . RMIA 's statement notes that while the investigation did not identify any evidence of unauthorized access Attack.Databreach to anyone 's personal information , `` we unfortunately could not completely rule out the possibility that patients ' personal information , including name , address , date of birth , health insurance information , limited treatment information and , for donors only , Social Security number , may have been accessible Attack.Databreach . '' In the aftermath of the incident , RMIA says it 's adding another firewall , requiring changes to user credentials/passwords , implementing dual-factor authentication and providing additional staff training regarding information security . '' Also reporting a hacking incident in recent weeks was Charleston , S.C.-based Roper St.Francis Healthcare , which operates several hospitals in the region . The attack was reported as impacting nearly 35,300 individuals . In a Jan 29 statement , the entity says that on Nov 30 , 2018 , it learned that an unauthorized actor may have gained access Attack.Databreach to some of its employees ' email accounts between Nov 15 and Dec 1 , 2018 , `` Our investigation determined that some patient information may have been contained in the email accounts , patients ' names , medical record numbers , information about services they received from Roper St.Francis , health insurance information , and , in some cases , Social Security numbers and financial information , '' the statement says . For those patients whose Social Security number was potentially exposed Attack.Databreach , the organization is offering prepaid credit monitoring and identity protection services . `` To help prevent something like this from happening again , we are continuing education with our staff on email protection and enhancing our email security , '' Roper St. Francis says . As phishing Attack.Phishing continues to menace healthcare entities , covered entities and business associates need to keep up with their defenses , some experts note . `` Phishing techniques have become more sophisticated than in the past , '' note Kate Borten , president of security and privacy consulting firm The Marblehead Group . `` Workforce training should include simulated phishing attacks Attack.Phishing to make people better prepared to recognize and thwart a real attack . '' To help mitigate breach risks , organizations should be deploying next-generation firewalls and multifactor authentication , plus employing advanced malware detection solutions , McMillan says . Too many organizations are overlooking the value of multifactor authentication , Borten adds . `` Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule , '' she notes . `` Unfortunately , since that requirement was dropped in the final rule , healthcare is lagging on multifactor authentication , which is easier now than ever to implement . '' But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be intercepted Attack.Databreach . `` The software- or hardware-based solutions are preferred , '' McMillan says . So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishing Attack.Phishing and other attacks ? `` Unfortunately we have n't seen any silver bullets here yet , but one thing we might want to begin exploring is just what an attacker has access Attack.Databreach to when they compromise Attack.Databreach a user 's account , '' McMillan notes . `` All too often , we hear that the accounts compromised Attack.Databreach had incredibly large numbers of emails immediately accessible Attack.Databreach to the attacker . The question is , are their better ways to deal with retention that mitigate risk as well ? ''

Last week , the Internal Revenue Service ( IRS ) issued a new warning to employers , urging them to stay alert as reports of compromised W-2 records started to climb . This newest advisory aligns with the agency 's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud . The IRS also informed employers the W-2 scam has moved beyond corporations , expanding to include schools , tribal organizations , and nonprofits . In a statement , IRS Commissioner , John Koskinen , said the scams - sometimes known as Business Email Compromise (BEC) attacks Attack.Phishing - are some of the most dangerous email scams the agency has seen in a long time . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . `` It can result in the large-scale theft of sensitive data Attack.Databreach that criminals can use to commit various crimes , including filing fraudulent tax returns . We need everyone ’ s help to turn the tide against this scheme , '' Koskinen said . In 2016 , at least 145 organizations fell victim to BEC scams Attack.Phishing , exposing tens of thousands of employees to tax fraud and identity theft . Salted Hash kept track of some of the high-profile cases , and Databreaches.net tracked everything , resulting in a massive list of documented successful attacks . As of February 5 , 23 organizations have disclosed BEC-related data breaches Attack.Databreach publicly , each one resulting in compromised W-2 data . The confirmed BEC victims include ten school systems , a software development firm , a utility company in Pennsylvania , at least one restaurant in Indianapolis , and businesses operating within the healthcare , finance , manufacturing , and energy sectors . Distribution International emailed employees that their W-2 data was compromised Attack.Databreach on January 27 . Their notification expands the number of affected taxpayers to more than 30,000 . The scammers spoofed Attack.Phishing an email and pretended to be Attack.Phishing one of the company 's owners . W-2 records for all companies and all employees were compromised Attack.Databreach . Salted Hash reached out to Sky Climber 's CFO , Jeff Caswell , for more information . Also , the College of Southern Idaho has reported an incident that could impact 3,000 employees . According to Public Information Officer Doug Maughan , the W-2 records affected belong to seasonal and auxiliary staff . Palomar College disclosed an attack Attack.Databreach on January 30 , which affected employee W-2 records . The school did n't say the incident Attack.Databreach was the result of a BEC attack Attack.Phishing , but Salted Hash is listing it anyway due to the timing of the attack and the information targeted . Finally today , the West Michigan Whitecaps - a Class A minor league baseball team affiliated with the Detroit Tigers - said staff W-2 records were compromised after someone posing as Attack.Phishing a manager requested them . In 2016 , the criminals behind the BEC attacks Attack.Phishing mostly focused on payroll and tax records . This year though , the IRS says that in addition to the usual records request , the scammers are now following-up and requesting wire transfers . `` Although not tax related , the wire transfer scam is being coupled with the W-2 scam email , and some companies have lost both employees ’ W-2s and thousands of dollars due to wire transfers , '' the IRS explained in their warning . `` Employers should consider creating an internal policy , if one is lacking , on the distribution of employee W-2 information and conducting wire transfers . '' BEC attacks Attack.Phishing are essentially Phishing scams Attack.Phishing , or Spear Phishing Attack.Phishing since the criminals have a specific target . They 're effective too , exploiting the trust relationships that exist within the corporate environment . In a majority of the reported cases from 2016 , the attackers forged Attack.Phishing an email and pretended to be Attack.Phishing the victim organization 's top executive , or someone with direct authority . Often it is the CEO or CFO , but any high-level manager will work .