Cyber Incident Victim: ABC Bus Companies, Inc.
Date: Feb 2018
Location: United States of America
Summary
A phishing attack targeting an employee at ABC Bus Companies resulted in the unauthorized disclosure of sensitive employee information, including names, addresses, dates of birth, Social Security numbers, and in some cases, complete W-2 forms. The disclosure stemmed from the employee responding to fraudulent emails requesting tax documentation. Following discovery, the company engaged law enforcement and federal agencies and initiated identity monitoring services for affected individuals, offering credit monitoring, fraud consultation, and identity restoration support. Notification was provided to impacted parties, including one New Hampshire resident.
Description
On February 16, 2018, an employee of ABC Bus Companies, Inc. received a phishing email disguised as an official communication requesting the production of all employee W-2 forms for 2017. The employee, believing the request to be legitimate, responded by transmitting three separate emails containing documents with sensitive personal information of ABC employees. The compromised data included first and last names, addresses, dates of birth, and Social Security numbers. In certain cases, complete W-2 forms containing additional tax-related information were also disclosed through these transmissions. The incident was discovered when ABC became aware of the unauthorized disclosure, though the exact timeframe and method of discovery were not specified in available documentation. The breach impacted at least one New Hampshire resident among the affected employees.

Upon identifying the incident, ABC Bus Companies immediately notified local law enforcement authorities and the Federal Bureau of Investigation (FBI) to initiate criminal investigations. The company separately alerted the Internal Revenue Service (IRS) regarding the exposure of actual W-2 forms to mitigate potential tax fraud risks for those specific individuals. As remedial action, ABC engaged Kroll to provide affected employees with complimentary identity monitoring services for one year. These services included credit monitoring, current credit reports, dark web surveillance ("Web Watcher"), public persona monitoring, financial account scanning ("Quick Cash Scan"), $1 million identity fraud loss reimbursement, fraud consultation, and identity theft restoration support. The company mailed individual notification letters via first-class post to all impacted persons, including the single affected New Hampshire resident, on or around March 2, 2018. No technical containment measures or system security modifications were described in the notification documentation.
