Brunswick Corp. reported that it was the victim of an email phishing incident that resulted in the potential unauthorized disclosure of 2015 W-2 information of a large number of current and former employees.
The company said it has no reason to believe its information systems or any customer data or other employee information have been compromised. Brunswick noted that this was not a technical intrusion of its information systems.
“It was a sophisticated scam that plays on human nature,” Brunswick spokesman Dan Kubera told Trade Only Today.
Someone masquerading as Brunswick management sent emails to team members who would have access to W-2 information, Kubera said.
“In responding to what was believed to be a legitimate request from management, there was an employee who provided some data in an effort to be helpful,” he said.
The incident occurred Friday and the company learned of it later that day when the employee alerted management about the exchange. Kubera wouldn’t say how many employees were affected.
Brunswick is informing affected individuals and notifying the IRS and FBI, and is cooperating with other agencies, as appropriate, Kubera said.
“We’re actively investigating to fully understand the incident. We will be taking any steps we need to prevent an incident like this from occurring in the future.”
Brunswick is offering credit monitoring and reporting, identity theft assistance services and identity theft insurance free to every affected individual.
“It’s an unfortunate situation, and when something like this occurs we stand by our employees,” Kubera said.