Charleston Post and Courier parent sends employee W-2 information to scammer

The Charleston Post and Courier posted this column on February 26:
[Image: phish]

One day later, the CEO of the newspaper’s parent company sent this email:

Date: February 27, 2016
To: All Employees of Evening Post Industries and its Affiliates
From: John Barnwell, CEO
CC: Members of the Board of Directors

Dear Fellow Employees,

Yesterday, Friday, February 26, Evening Post Industries was the targeted victim of an email spoofing incident. Through this incident, a request was made for a summary of all 2015 employee W2 information – to include all affiliates. Unfortunately this information was provided before we discovered that the request was made from a fraudulent account, by an individual purporting to be me.

We discovered the fraudulent nature of the request late afternoon Friday and have been working diligently ever since to investigate and gather as many resources as possible to counteract this incident. As you are impacted parties, we wanted to notify you immediately and share the resources we’ve put in place to help mitigate risk.

Here’s what we plan to do – at a minimum:

* Provide access to free credit monitoring and identity restoration services for everyone who is affected by this incident;
* Provide access to a call center to answer questions and assist you with all related issues, and
* Provide all of the necessary documentation / reporting that you may require arising out of this incident.

Here’s what we have done so far:

* We notified our Board of Directors of the attack;
* We notified Division Heads;
* We notified and engaged our external auditors;
* We consulted with our cyber security advisors on how to best provide prompt notice of this incident, and helpful tools and information, to you;
* We have lined up several vendors who all of us will be able to access immediately (as soon as this Monday) to begin mitigating risk and to assist you with responding to this incident.

We continue to learn more during our ongoing investigation, and we will provide regular updates as appropriate. In the meantime, I am attaching the following generic information that is useful in considering the theft of sensitive personal and financial information.

While the attachment is useful, it is also overwhelming. [The attachment, not included here, is headlined: “STEPS YOU CAN TAKE TO PREVENT IDENTITY THEFT AND FRAUD.”] Please know that we will do everything possible to walk you through this burden of complexity to which we have become victim.

During the last seven years that I have had the pleasure and responsibility of providing written communications to you as the company’s CEO, there have been plenty of ups and downs. I have always tried to be as transparent as possible; this is no exception.

This Monday, we expect to shore up a number of our vendor arrangements. So, beginning Tuesday, I plan to begin a number of face-to-face meetings (beginning with the employees of The Post and Courier) and subsequently visit with all of you.

With good news, there are always plenty of ways to spread the credit – on the flip side, the buck stops with me. I am deeply saddened by this event and I apologize that this incident may have affected you.

Sincerely,

John

The company owns ten newspapers and ten television stations.

* Scammers who specialize in tax refund fraud have a new trick up their sleeves (krebsonsecurity.com)



