Cyber Incident Victim: Entergy

Date: Jan 2016

Location: United States of America

Summary

Unauthorized third parties accessed current and former Entergy employees' W-2 tax forms through a TALX-operated portal by successfully answering personal security questions to reset account PINs. The breach compromised tax documents from prior years but did not affect current-year forms, and there was no evidence that the personal information used to answer the questions originated from TALX or Entergy. TALX, an Equifax subsidiary, offered impacted individuals two years of complimentary identity restoration services.

Description

In February 2018, Entergy Corporation notified current and former employees of a breach involving unauthorized access to 2016 and prior tax year W-2 forms through the TALX online portal. TALX, a wholly-owned Equifax subsidiary that managed Entergy's employee portal, discovered potentially unauthorized access to accounts containing electronic W-2 tax documents. The breach did not impact 2017 tax year records. Investigation revealed attackers compromised accounts primarily by successfully answering personal verification questions to reset employee PINs, which served as portal passwords. Neither TALX nor Entergy systems were identified as the source of the personal information used to answer these security questions. The incident exposed sensitive wage and tax information from W-2 forms, though the exact number of affected individuals was not disclosed in available reports.

TALX collaborated with Entergy to notify impacted employees and state authorities, including the New Hampshire Attorney General’s Office. Notification letters stated that the attackers exploited personal information from external sources rather than directly compromising TALX or Entergy systems. As remediation, TALX provided two years of complimentary identity restoration and assistance services to affected individuals. No evidence suggested misuse of the exposed data at the time of disclosure. Beyond the account reset method described, the companies did not publicly disclose technical details about detection timelines, containment procedures, or whether the unauthorized access was automated or manual.
