Cyber Incident Victim: Travel Corporation

On February 26, 2018, Travel Corporation's Director of Human Resources received an email appearing to originate from the company's Global Chief Executive Officer, requesting payroll information and copies of 2017 W-2 forms for all U.S.-based employees. Perceiving the request as legitimate, the HR Director complied by transmitting a schedule containing the requested data along with copies of the W-2 forms. Subsequent investigation revealed the email was fraudulent, and the information had been sent to an unauthorized third party. The compromised data included names, addresses, Social Security numbers, and W-2 forms for all current U.S. employees and an unspecified number of former U.S. employees. The breach did not involve dates of birth, driver's license numbers, or information pertaining to employees' spouses, partners, or dependents.

Travel Corporation initiated multiple response actions following discovery of the incident. The company reported the breach to the Anaheim Police Department and the Federal Bureau of Investigation (FBI), while also notifying the three major credit reporting agencies. Internal measures included researching credit monitoring services for affected individuals and scheduling Q&A sessions for employees on February 27-28 and March 1, 2018. Affected employees were advised to place 90-day fraud alerts with credit bureaus, review free credit reports, and consider implementing credit freezes—with Travel Corporation offering reimbursement for California residents' $10 freeze fees. The company provided contact information for Annaliesa Chapman, Vice President of Human Resources, and referenced FTC resources including IdentityTheft.gov for identity theft recovery procedures. No technical details regarding attacker methodologies, compromised systems, or containment procedures beyond law enforcement engagement were disclosed in the notification.