Cyber Incident Victim: Central Concrete Supply
Date: Feb 2016
Location: United States of America
Summary
A third party obtained copies of employee W-2 forms containing income and tax withholding information through a social engineering attack targeting Central Concrete Supply. An impersonator posing as a trusted individual deceived an employee into emailing the sensitive documents, compromising personal data without breaching the company's IT systems. The incident exposed 2015 tax-related details of workers across affiliated entities, prompting direct notifications to affected individuals about the unauthorized disclosure.
Description
On February 24, 2016, Central Concrete Supply Co., Inc., along with affiliated entities Right Away Redy Mix, Inc., and Rock Transport, Inc., discovered a data security incident involving unauthorized access to employee tax documents. The breach occurred the previous day when an employee received a fraudulent email request from a third party impersonating a legitimate individual. Through this social engineering scheme, the attacker successfully convinced the employee to transmit copies of all employees' 2015 W-2 income and tax withholding statements via email. Company investigations confirmed the attacker did not compromise any internal IT systems or networks, as the data was obtained solely through human manipulation rather than technical infiltration. The compromised W-2 forms contained sensitive personal information including employee names, Social Security numbers, income details, and tax withholding amounts.

Upon identifying the incident, Central Concrete Supply initiated notification procedures for affected employees across all three companies. The organization emphasized that no other personnel records or financial systems beyond the 2015 W-2 forms were accessed or exfiltrated during the breach. In their communications, management clarified the attack methodology as a targeted business email compromise scheme rather than a technical security failure. The company directed impacted individuals to review the full breach notification published on the California Attorney General's website for additional details, though specific remediation measures offered to employees were not disclosed in the available notification excerpt. No information regarding regulatory fines, legal consequences, or exact employee impact numbers was provided in the public disclosure.
