Domain registration company Rightside tells employees that W2 forms were stolen in phishing attack
Rightside Group, the Kirkland, Wash.-based domain name services and web hosting company, informed an unspecified number of employees overnight that their W2 tax forms were stolen earlier this week in an email phishing incident. The forms included name, home address, Social Security Number and 2015 income.
Rick Danis, Rightside’s general counsel, said in an email to affected employees that the company has been targeted by “highly sophisticated email phishing scams” in the past few months. Phishing attacks are typically emails posing as official messages from banks or other service providers as a means of gaining access to sensitive information.
“We started investigating the scam as soon as it was identified, and have also been working with authorities including the Federal Bureau of Investigation (FBI), local Police Departments and we have notified the IRS. So far, we have no evidence that there has been any use or attempted use of the stolen information,” Danis wrote in the email, obtained by GeekWire this morning.
Rightside executives have not yet responded to GeekWire’s inquiries about the scope and nature of the phishing attack. The publicly traded company, whose brands include eNom, NameJet and name.com, reported 250 employees as of September 2015.
According to the message, the company is offering affected employees the free use of a service for credit card and identity theft monitoring, and encouraging them to alert the IRS to the theft of their W2s and the potential for the filing of fraudulent tax returns.
Danis wrote in the message, “This is an ongoing investigation and Rightside will continue to be vigilant to ensure that necessary security measures and procedures are in place to protect our current and former employees’ personal information.”