| , ,

HR Alert: W-2s are Big Business for Scammers

Check out our blog. We cover everything from car accidents to employment law and other hot legal topics.

Start the Conversation Today

As if an HR professional’s role isn’t already fraught with peril, it’s important to guard against the inadvertent disclosure of sensitive information contained on employee W-2 forms.  While that’s common sense, what’s new about this risk is the strategies scammers use to fraudulently get to the information. Some try faking emails that look like they’re coming from a legitimate source, like your CEO. Others can actually scan data that you haven’t adequately protected.

Another common way that an employee’s personally identifiable information (“PII”) gets exposed is when an HR professional leaves a W-2 on an employee’s unoccupied desk or chair for later retrieval.  The days of simply leaving PII in a sealed envelope are long over. Don’t do it.

Standard operating procedures in the HR Department should include keeping employee PII protected, whether it’s in a hard-copy personnel file, in a cloud-based filing system, or on a W-2 form.

From a cybersecurity perspective, if the worst happens, there’s a speedy way to alert the IRS of lost employee PII.  Email dataloss@irs.gov and follow the instructions set out by the IRS on its website.  The IRS provides other useful guidance about reporting and thwarting internet theft. Remember, you may have other reporting requirements, as well so check with risk management and your legal counsel right away.

Finally, don’t let all the attention on cybersecurity get in the way of solid, common-sense office practices. Although it might take a few more minutes, personally deliver W-2s directly to employees and don’t leave them lying around, even if the area appears secure.

For guidance on helpful standard operating procedures for the HR professional, feel free to contact the attorneys at The Coppola Firm.

Lisa Coppola

Written by Lisa Coppola

Founder of The Coppola Firm

Lisa A. Coppola, Esq. understands the challenges her clients face, whether they’re starting a new business, taking their existing operations in a new direction, or facing a claim or threat.

Blog Categories


Speak With the Lawyers at The Coppola Firm

NAICS Code: 541100

© The Coppola Firm
Attorney Advertising. Prior results do not guarantee a future outcome.

Call Us Now Message Us