December 18, 2020
“AST LLC” has announced a data breach and is now sending notices to its employees to inform them that they have been compromised. The incident occurred on March 9, 2020, when someone managed to access employee payroll information by using a previously compromised email employee address. In fact, the infiltrator set up rules that diverted the messages received by the employee to the hacker's address, so the realization of the breach wasn’t immediate. The information that was accessed by the unknown party involves the employees’ 2019 W-2 wage and tax statements.
AST is an enterprise systems services provider and integrator that has clients in both the public and commercial sectors, but the particular security incident hasn’t affected the data of any of its customers. The company has already scanned its systems thoroughly to locate and clean any malware infections and has now implemented two-factor authentication protection on the email accounts of all its employees. Moreover, they have contracted “CORE BTS” to help them conduct a full vulnerability assessment and recommend mitigations, fixes, and improvements.
As for the affected personnel, they will receive a 12-month free identity theft prevention service from “LifeLock Defender.” All that the compromised individuals need to do now in order to register is to call “800-899-0180.” Still, the affected people should be careful with how they handle and respond to unsolicited communication, phishing, or scamming attempts reaching them via SMS or email. If something suspicious comes to your attention, make sure to report it immediately to the relevant service of the Federal Trade Commission (FTC) by calling “877-438-4338.” Those who feel uncomfortable or notice an activity they can’t recognize on their credit report are advised to place a security freeze on their bank accounts too.
The information that is contained in W-2 forms includes the person’s name, address, ZIP code, wages, social security details, tax details, the employer identification number (EIN), control number, employer name, and other information. That said, the actors managed to get their hands on very sensitive data. From now on, this data may be used by the network infiltrators or sold to others on the dark web. It means the exploitation and targeting of potential victims may not happen right now but in months and even years after the initial incident. It is nice to have 12 months of identity theft protection services, but you should remain vigilant after this period ends.