Application security, Breach, Threat Management, Data Security

Spoofing scam goes for the steal, scores Milwaukee Bucks’ W-2 forms

Basketball fans have heard of the “Hack-a-Shaq” strategy. But yesterday, the NBA's Milwaukee Bucks franchise publicly acknowledged that the entire team was hacked — by a cybercriminal, that is.

In a statement, the Bucks reported a serious data breach after a hacker last month sent a team employee a spoofed email, impersonating team president Peter Feigin and requesting players' W-2 forms. Discovered on May 16, the breach allegedly exposed players' names, addresses, Social Security numbers, compensation figures and birth dates, according to a report by Yahoo Sports' The Vertical.

“We take this incident, and the privacy and security of our employees, very seriously,” said the Bucks in its statement. The team has launched an investigation, involving the league, players association, FBI and IRS, and also sent a letter to its players, offering credit monitoring and identity protection services. The Bucks also said it will institute additional preventative measures, including stronger privacy training.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

You can skip this ad in 5 seconds