Cyber Incident Victim: Kinetics Systems
Date:
Jan 2018
Location:
United States of America
Summary
Kinetics Systems experienced a phishing attack where a scammer impersonating a company officer obtained personal information of current and former employees. The breach exposed W-2 data including names, Social Security numbers, employee identifiers, and wage details for 11 New Hampshire residents. The organization notified affected individuals electronically and via mail, implemented enhanced security protocols to mitigate future risks, and provided two years of complimentary credit monitoring and identity restoration services through a third-party specialist. A dedicated call center was established to address employee inquiries related to the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 25, 2018, Kinetics Systems, Inc. experienced a phishing attack in which a scammer impersonated a company officer via fraudulent email. This deception led to the unauthorized disclosure of personal information belonging to current and former employees who worked at Kinetics during 2017. The compromised data included W-2 details containing names, Social Security numbers, employee identification numbers, and wage information. Kinetics first became aware of the incident on February 1, 2018, when notified about the data exposure. The breach specifically impacted eleven New Hampshire residents among the affected employees. Kinetics promptly notified these individuals through electronic mail on February 2, 2018, followed by mailed written notices on February 6. The company characterized the event as an inadvertent data exposure resulting from the successful phishing attempt rather than a system intrusion or malware infection.
In response to the incident, Kinetics implemented procedural, policy, and technical safeguards designed to reduce the likelihood of similar future exposures. The company engaged Kroll Information Assurance, LLC to provide affected individuals with two years of complimentary credit monitoring, identity consultation, web monitoring, and identity restoration services. A dedicated call center was established to address employee inquiries related to the breach. Kinetics advised impacted individuals to monitor financial accounts, review credit reports, and consider filing taxes early due to concerns about fraudulent tax filings using exposed Social Security numbers. The company offered reimbursement for credit freeze fees incurred during the two-year monitoring period and provided contact information for credit bureaus and regulatory agencies including the Federal Trade Commission. While no evidence of actual misuse was confirmed, Kinetics acknowledged the risks of identity theft and tax fraud stemming from the exposure of sensitive W-2 data. The company maintained ongoing monitoring of the situation while emphasizing its commitment to protecting employee information through enhanced security measures.