On May 16, 2016, we discovered our company was the victim of an email spoofing attack that occurred when a request was recently made by an unknown impersonator of our president for 2015 employee W-2¹s. Unfortunately, that information was provided by an employee before it was determined that the request was made from a spoofed email address.
We take this incident, and the privacy and security of our employees, very seriously. We immediately launched an investigation, which is aggressive and ongoing. We quickly notified impacted individuals and are arranging for these individuals to have access to three years of credit monitoring and non-expiring identity restoration services. We have reported this incident to the IRS and the FBI, and will work with the authorities to continue our investigation and response to this incident. We believe this incident arose as a result of human error, and are providing additional privacy training to our staff and implementing additional preventative measures.