The Milwaukee Bucks confirmed that a phishing email scam resulted in the NBA franchise disclosing the financial records of the team’s players and staff. In a statement made last week, the team said it has reported the incident to the IRS and the FBI. “On May 16, 2016, we discovered our company was the victim of an email spoofing attack that occurred when a request was recently made by an unknown impersonator of our president for 2015 employee W-2s,” read the statement.
“Unfortunately, that information was provided by an employee before it was determined that the request was made from a spoofed email address,” said the Milwaukee Bucks.
The 2015 W-2 records contained the player’s names, addresses, Social Security numbers, dates of birth and compensation figures. The NBA team said it quickly notified impacted individuals, and is offering three years of credit monitoring and non-expiring identity restoration services.
Bucks Statement On Security Incident: pic.twitter.com/6RX309ws3L
— Milwaukee Bucks (@Bucks) May 19, 2016
“We believe this incident arose as a result of human error, and are providing additional privacy training to our staff and implementing additional preventive measures,” the statement read. Nonetheless, Shams Charania of The Vertical (Yahoo! Sports) reported one agent representing a Bucks player said the response received on the major security breach was “unacceptable.” “The players need to know the exact measures being taken by the Bucks and the FBI to ensure each and every player’s identity and financial information will not be compromised,” the agent explained. “There needs to be accountability for such a mistake, details on the steps taken to rectify it and a process put in place to make sure this never happens again,” the agent added. As of this writing, it is yet unknown how many individuals in the Bucks organization were affected by the incident.
