Milwaukee Bucks players' tax information is now in the hands of identity thieves.
The Milwaukee Bucks and fans celebrate a win. (Photo by Jeramey Jannene via Flickr Creative Commons)
The National Basketball Association team is the latest victim of an email phishing scam in which crooks pose as corporate executives and ask payroll offices for employees' financial and tax information.
Phishing for tax form details: Team officials confirmed reports, first in Yahoo Sports and then at other sports and technology websites, that a Bucks' employee complied with an email request from a person impersonating team president Peter Feigin seeking 2015 tax year data on the franchise's employees.
It's unclear whether the fake request was for just the highly-paid NBA players' data or all Bucks' employees. I've seen reports both ways. Officially, the franchise is simply referring to "impacted" employees, but without any numbers or types of staff involved.
Regardless, the damage could be substantial.
Criminals now have W-2 information — names, addresses, Social Security numbers, compensation details and birth dates — of many folks who get bucks from the Milwaukee Bucks.
Team, tax and law enforcement follow-up: The security breach happened on April 26, with the Bucks discovering on May 16 that the financial and tax data documents were sent to the criminals.
Yep, all the info necessary to steal identities and set up fake accounts, drain legitimate ones and file fraudulent tax refund claims has been in the hands of crooks for three weeks. That's a lot of time to wreak a lot of financial and tax havoc.
The Bucks have notified the FBI and the Internal Revenue Service about the incident and the investigation into the security breach is, according to a statement from the team, "aggressive and ongoing." The team also reportedly is working with the NBA and National Basketball Players Association.
The Bucks assured affected employees that it "will work with the authorities to continue our investigation and response to this incident."
Part of that response is providing access to three years of credit monitoring and non-expiring identity restoration services for affected employees.
"We believe this incident arose as a result of human error and are providing additional privacy training to our staff and implementing additional preventative measures," the team added.
Always be on guard: I feel for everyone involved in this latest mass identity theft. I've been an ID theft victim myself, but thankfully didn't sustain major damage.
I've also have my personal information exposed when hackers got into a federal government data base.
And just last week, my credit union's credit card fraud department called to double check on a charge for a plane ticket to Spain. I'd love to be blogging from Madrid right now, but alas, that was not my purchase. Thank you, eagle-eyed fraud scouts, for stopping that crook's attempt at international travel on my many, many dimes.
But I've still got to preach a little here.
As I noted two months ago when I blogged that March arrives not as lion or lamb, but as a fish phish, any and all wide-ranging requests for workers' tax and financial data, regardless of who's purportedly asking for it, should be viewed skeptically. Any payroll or human resources official should at the very least double check the request.
I know that's easy for me to say. I don't answer to an imperious boss who could send me packing for not jumping high enough.
But with identity theft scams popping up on an almost daily basis, it pays to be extra cautious.
If you fear your tax and other financial date might be at risk, double check your accounts. If something is amiss, place a fraud alert on your credit reports and then order a free copy to get a fuller look at what might be happening in your name.
You can find more tips on dealing with identity theft and tax fraud at:
- Dealing with a stolen identity
- IRS working with tax industry, states to upgrade security
- Fear you might be a tax ID theft victim? Here's what to do
- Steps to take if you were, or become, an identity theft victim
- IRS seeks to enlist taxpayers in fight against tax ID theft
Basically, stay alert and be suspicious. A little skepticism could save you a lot, both in money and peace of mind.
