This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
HR professionals who work for Gannett Co. Inc., were the victims of a cyberattack that exposed the data of 18,000 current and former Gannett employees.
Gannett publishes USA Today and more than 200 other news publications worldwide.
McLean, Va.-based Gannett warned workers that "hackers may have had access to their personal information after the e-mail accounts of people who work in its human resources department were broken into," reported the Associated Press.
Gannett said there was also an unsuccessful attempt to wire transfer corporate money.(The Associated Press)
The breach was discovered March 30.
Gannett said several of its HR employees had been the victims of a phishing attack. Hackers tricked HR professionals into giving them access to their e-mail accounts and corporate logins. The login credentials gave hackers access to employees' data.
The company told employees via letters that their Social Security numbers, banking details and other personal information may have been compromised.
Gannett, which also publishes The Arizona Republic, the Detroit Free Press, The Des Moines Register, and The Tennessean, reportedly notified authorities and offered current and former employees free credit monitoring.
[SHRM members-only toolkit: Record-Keeping Policy: Safeguarding Social Security Numbers]
HR departments make easy targets, experts say, because they're the keepers of a treasure trove of personal information. Between January and March of 2016, more than 55 companies were reportedly tricked into e-mailing cybercriminals sensitive payroll data, SHRM Online reported.
In most cases, junior HR professionals were duped when they received fake e-mail messages from hackers posing as senior company officials. They fell for the scam and e-mailed W-2s to cyberthieves—despite company policy against sending sensitive information over email. Crooks then took the W-2s and filed fake federal tax returns and claimed refunds from the government.
Some HR professionals have been fired for exposing private data.
Video: Watch, Listen, Learn
If you've been the victim of a W-2 phishing attempt, this video can show you what steps to take next.
Additional Tips for HR
Experts offered these tips to help HR professionals so they avoid being compromised by cyberthieves:
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 10,000 companies