Cyber Incident Victim: Gryphon Technologies
Date:
Feb 2016
Location:
United States of America
Summary
Gryphon Technologies, a federal contractor specializing in cybersecurity and mission-critical defense systems, suffered a data breach when employee(s) fell for targeted phishing emails impersonating senior executives, resulting in unauthorized disclosure of all employees' W-2 information. The incident compromised sensitive tax data, leading the company to notify affected individuals, provide two years of credit monitoring, and implement additional safeguards alongside employee retraining to address security vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late February and early March 2016, Gryphon Technologies, a Washington D.C.-based federal engineering contractor specializing in cybersecurity and mission-critical defense systems, experienced a significant data breach resulting from targeted phishing attacks. Between February 29 and March 7, employee(s) at the company received two fraudulent emails impersonating senior executives—one appearing to originate from the CEO and another from the CFO. Both messages requested the disclosure of all employees' 2015 W-2 tax information, a highly sensitive dataset containing Social Security numbers, addresses, and salary details. The phishing scheme succeeded, with at least one employee—though possibly two separate individuals—complying with the fraudulent requests. Gryphon Technologies discovered the unauthorized data acquisition on March 7, 2016, triggering immediate internal investigation and response protocols. Within four days of discovery, on March 11, the company issued preliminary notifications to affected personnel, followed by more detailed formal notification letters on March 21.
The breach impacted current and former employees, though the exact number remained undisclosed in regulatory filings with the New Hampshire Attorney General’s Office. Publicly available employment figures suggested between 500 and 1,000 individuals potentially had their W-2 data compromised. As remediation, Gryphon Technologies offered affected individuals two years of complimentary credit monitoring services. The company concurrently implemented enhanced security safeguards and initiated mandatory employee retraining programs focused on phishing threat recognition. Notably, the incident occurred at an organization with advertised cybersecurity expertise in naval platforms and critical military infrastructure, highlighting the operational paradox between their defensive service offerings and internal vulnerability to social engineering. No evidence suggested compromise beyond the W-2 data, and the company maintained its contractual operations supporting U.S. and coalition forces throughout the incident response period.