Amalgamated Sugar announced to employees that a hacker accessed all of the personal information contained on their W2 tax forms.
The hack yielded tax forms for 2,858 employees, including seasonal workers and employees who retired in 2016. The company currently employs between 1,200 and 1,500, including 574 in the plant and offices in Nampa, and hires hundreds of seasonal workers each fall.
On Wednesday, a hacker mimicked the email address used by CEO John McCreedy to send a phishing email to a corporate employee seeking copies of the tax forms, the company said in a release. The successful hack yielded personal information, including names, addresses, earned wages and social security numbers.
The company learned of the hack and within 24 hours notified law enforcement, the Idaho Attorney General’s Office, Idaho Tax Commission, the FBI and the IRS.
Amalgamated Sugar notified employees of the breach via email and workplace meetings. The company also purchased subscriptions for employees to LifeLock, which monitors and flags suspicious transactions. No employees reported problems, but the company urged workers to monitor their accounts and to improve its cyber security.
“We take the security of our employees’ personal information very seriously and we are examining our existing protocols and putting controls in place to prevent this from happening again,” McCreedy said in the release.
