Cyber Incident Victim: Laufer Group International
Date:
Feb 2018
Location:
United States of America
Summary
An email spoofing incident targeted the company, with an attacker impersonating the CEO to fraudulently obtain 2017 W-2 forms for approximately 240 current and former employees. The compromised data included names, addresses, Social Security numbers, wage information, and tax withholding details. The organization discovered the breach the same day, notified affected individuals and relevant authorities including the FBI, IRS, and state tax agencies, and offered complimentary identity theft protection services. No banking information, dates of birth, driver's licenses, or health records were accessed in the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 16, 2018, Laufer Group International Ltd. experienced a data breach resulting from an email spoofing attack. An unknown individual or group impersonated the company’s CEO, Mark Laufer, by sending a fraudulent email to an employee requesting copies of 2017 IRS W-2 forms for all employees employed during the previous year. The recipient complied with this request before realizing the email was illegitimate, inadvertently transmitting sensitive documents containing personal information of approximately 240 current and former employees. The compromised data included names, addresses, Social Security numbers, wage or salary details, and tax withholding amounts. Laufer Group discovered the fraudulent nature of the request on the same day as the incident. One affected individual was identified as a New Hampshire resident based on company records. The breach did not involve bank account information, credit card numbers, dates of birth, driver’s license numbers, or health records according to the company’s investigation.
Laufer Group initiated multiple response actions immediately following discovery. Current employees received email notifications about the breach on February 16, 2018, followed by formal written notices dated February 26, 2018, to all affected individuals. The company reported the incident to the Federal Bureau of Investigation through its IC3 online portal, filed a report with the New York Police Department’s First Precinct, and notified the IRS and state taxing authorities. No law enforcement investigation delayed these notifications. As remediation, Laufer Group offered affected individuals a choice between a complimentary one-year subscription to IDShield’s individual identity theft protection plan or reimbursement for purchasing LifeLock Standard directly. The company provided detailed guidance to victims, including instructions to review credit reports, place fraud alerts or credit freezes with major credit bureaus (Equifax, Experian, and TransUnion), and file complaints with the Federal Trade Commission via IdentityTheft.gov. Director of Human Resources Jovina Johnson served as the primary contact for employee inquiries and remediation assistance.