Cyber Incident Victim: Whiting-Turner

On March 8, 2016, Whiting-Turner, a contracting company, was notified by an unnamed third-party vendor providing tax filing and information services that suspicious activity had been detected on the vendor’s systems. The vendor was responsible for preparing employee tax documents, including IRS Forms W-2 and 1095. Around the same time, Whiting-Turner received reports from multiple employees regarding fraudulent tax filings submitted in their names. In immediate response, Whiting-Turner disabled user access to the vendor’s systems and initiated an investigation to determine whether unauthorized individuals had accessed employee data. The company’s investigation remained ongoing at the time of its April 2016 notifications, with no definitive confirmation of whether Whiting-Turner-specific information had been compromised through the vendor’s systems.

The incident potentially exposed sensitive personal information of current, former, and retired employees, as well as their dependents. For employees who received a 2015 IRS Form W-2 through Whiting-Turner, the data at risk included names, Social Security numbers, wage information, and tax withholding details. For adult beneficiaries, adult dependents, and minor dependents covered under employee healthcare policies, the breach potentially compromised names, dates of birth, and Social Security numbers listed on 2015 IRS Form 1095. Whiting-Turner issued notifications to all potentially affected individuals, including separate letters to employees and parents/guardians of minor dependents, advising them of the incident and recommending vigilance against identity theft and fraud. The company emphasized its proactive measures to secure data by terminating vendor system access but did not disclose remediation steps beyond the investigation or identify the vendor involved.