Not a Member? Get access to HR news and resources that you can trust.
Here is how HR can help prevent the missteps that could cost your company big in court.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
60+ new SHRM Seminar dates in 10 U.S. cities and virtually.
Expand your influence and learn how to become an effective leader -- Join us in Phoenix, AZ, October 2-4, 2017.
HR professionals who work for Gannett Co. Inc., were the victims of a cyberattack that exposed the data of 18,000 current and former Gannett employees.
Gannett publishes USA Today and more than 200 other news publications worldwide.
McLean, Va.-based Gannett warned workers that "hackers may have had access to their personal information after the e-mail accounts of people who work in its human resources department were broken into," reported the Associated Press.
Gannett said there was also an unsuccessful attempt to wire transfer corporate money.(The Associated Press)
The breach was discovered March 30.
Gannett said several of its HR employees had been the victims of a phishing attack. Hackers tricked HR professionals into giving them access to their e-mail accounts and corporate logins. The login credentials gave hackers access to employees' data.
The company told employees via letters that their Social Security numbers, banking details and other personal information may have been compromised.
Gannett, which also publishes The Arizona Republic, the Detroit Free Press, The Des Moines Register, and The Tennessean, reportedly notified authorities and offered current and former employees free credit monitoring.
[SHRM members-only toolkit: Record-Keeping Policy: Safeguarding Social Security Numbers]
HR departments make easy targets, experts say, because they're the keepers of a treasure trove of personal information. Between January and March of 2016, more than 55 companies were reportedly tricked into e-mailing cybercriminals sensitive payroll data, SHRM Online reported.
In most cases, junior HR professionals were duped when they received fake e-mail messages from hackers posing as senior company officials. They fell for the scam and e-mailed W-2s to cyberthieves—despite company policy against sending sensitive information over email. Crooks then took the W-2s and filed fake federal tax returns and claimed refunds from the government.
Some HR professionals have been fired for exposing private data.
Video: Watch, Listen, Learn
If you've been the victim of a W-2 phishing attempt, this video can show you what steps to take next.
Additional Tips for HR
Experts offered these tips to help HR professionals so they avoid being compromised by cyberthieves:
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
CA Resources at Your Fingertips
SHRM’s HR Vendor Directory contains over 3,200 companies