Industry News

Stealth Bomber maker admits hackers stole workers’ W-2 tax forms

US military contractor Northrop Grumman has admitted that hackers managed to infiltrate its systems, and gained access to sensitive employee records.

As The Register reports, the makers of America’s stealth bomber acknowledged in a letter sent to employees and the California Attorney General’s office that hackers infiltrated its online portal at various times over the course of almost a year, gaining access to workers’ W-2 paperwork for the 2016 tax year.

The personal information that may have been accessed includes your name, address, work email address, work phone number, Social Security number, employer identification number, and wage and tax information, as well as any personal phone number, personal email address, or answers to customized security questions that you may have entered on the W-2 online portal.

It’s easy to imagine how such information could be exploited by criminals.

Fraudsters race to submit tax refunds using the stolen data, tricking the IRS into approving a fraudulent refund in the name of the victim whose information has been exposed. If that’s not a good incentive to file your state and federal taxes as quickly as possible, I’m not sure what is.

As many organisations do not handle employee tax forms themselves, outsourcing the entire procedure to third party firms, a successful hacker might find that he or she has managed to steal the employee W-2 data of workers at multiple firms with just one attack.

Equifax Workforce Solutions, which ran the tax portal on behalf of Northrop Grumman, says that it does not believe that the unauthorised parties hacked into its systems by exploiting a vulnerability, but instead used a legitimate user’s stolen login details.

Cases like this should act as a reminder for all businesses of the need to put protective measures such as multi-factor authentication in place to reduce the chances of an attacker successfully compromising an online account, even if login credentials are stolen.

This is particularly important when sensitive information such as employee tax records are being entrusted to an online system.

In response to the attack, Northrop Grumman says it has disabled access to the W-2 portal, except from its own network. The company says it is also working with law enforcement agencies as they continue to investigate a spate of similar attacks targeting W-2 data.

Well-known corporations that have fallen foul of attacks targeting their staff’s W-2 tax information include Snapchat and Seagate.

If you do not have systems in place to properly protect your staff’s personal data then you are making life all too easy for online criminals. Don’t be the next corporate victim, take steps today to harden your systems from abuse.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.