The Milwaukee Bucks players, coaches, and staff have all been compromised, Bucks officials told TODAY'S TMJ4. Their personal information stolen.The FBI and the IRS have been notified, and the Milwaukee Bucks social security numbers and other sensitive information are in the hands of thieves.
The Bucks say Monday an email was sent out to the company from someone pretending to be the Bucks president. It said he needed all the employee W-2's from 2015. The problem is the email wasn't really from the Bucks president.
"It might look official like it is from that person but there is actually a hidden routing number inside that email," says Nick Blando, IT specialist at The Computer Repair Specialists in Milwaukee.
Blando says these people are likely not Bucks fan looking to get Coach Jason Kidd's home address.
"In that particular instance I believe they were after social security numbers or bank accounts numbers or other financial information. It's not just fun and games, they want financial gain," Blando says.
He says most of these thieves are from places like Russia or China. Blando says the Bucks are not alone. He says at 90 percent of his business is with people who have infected their own computer. The best thing to do is to not hit reply, start a new email and type in the address you know. Also, Blando says check with the person who wants sensitive information before you send anything, no matter who the person making the request.
"Once you provide that information you are out of luck," Blando says.
Blando says there is no virus protection you can put in your computer to protect against email spoofing. The Bucks say all of their employees have been given free credit monitoring for three years and non-expiring identity restoration services.
The Bucks released a statement Thursday evening confirming that employees' W-2s were compromised:
“On May 16, 2016, we discovered our company was the victim of an email spoofing attack that occurred when a request was recently made by an unknown impersonator of our president for 2015 employee W-2’s. Unfortunately, that information was provided by an employee before it was determined that the request was made from a spoofed email address.
We take this incident, and the privacy and security of our employees, very seriously. We immediately launched an investigation, which is aggressive and ongoing. We quickly notified impacted individuals and are arranging for these individuals to have access to three years of credit monitoring and non-expiring identity restoration services. We have reported this incident to the IRS and the FBI, and will work with the authorities to continue our investigation and response to this incident. We believe this incident arose as a result of human error, and are providing additional privacy training to our staff and implementing additional preventative measures.”