Updated below with Rightside statement.
Rightside Group, the Kirkland, Wash.-based domain name services and web hosting company, informed an unspecified number of employees overnight that their W2 tax forms were stolen earlier this week in an email phishing incident. The forms included name, home address, Social Security Number and 2015 income.
Rick Danis, Rightside’s general counsel, said in an email to affected employees that the company has been targeted by “highly sophisticated email phishing scams” in the past few months. Phishing attacks are typically emails posing as official messages from banks or other service providers as a means of gaining access to sensitive information.
“We started investigating the scam as soon as it was identified, and have also been working with authorities including the Federal Bureau of Investigation (FBI), local Police Departments and we have notified the IRS. So far, we have no evidence that there has been any use or attempted use of the stolen information,” Danis wrote in the email, obtained by GeekWire this morning.
The publicly traded company, whose brands include eNom, NameJet and name.com, reported 250 employees as of September 2015.
According to the message, the company is offering affected employees the free use of a service for credit card and identity theft monitoring, and encouraging them to alert the IRS to the theft of their W2s and the potential for the filing of fraudulent tax returns.
Danis wrote in the message, “This is an ongoing investigation and Rightside will continue to be vigilant to ensure that necessary security measures and procedures are in place to protect our current and former employees’ personal information.”
Update, 2:30 p.m.: Rightside issued this statement on the incident.
Rightside was the target of a highly sophisticated email phishing scam. Unfortunately, personal information found on the W-2 form of US-based Rightside employees during the 2015 calendar year was compromised. Our network systems were not breached and no customer information was jeopardized.
When the scam was identified, Rightside immediately notified authorities including the FBI, IRS and local police departments, and has been working with them to investigate the situation and determine the best course of action for our affected employees and the company.
In order to mitigate the risk of potential fraud and identity theft to those who were impacted, Rightside has partnered with a 3rd party vendor to provide credit monitoring services and identity theft insurance.
This is an ongoing investigation and Rightside will continue to be vigilant to ensure that necessary security measures and procedures are in place to protect current and former employees’ personal information.