Snapchat Responds to Leak of Payroll Data Following Phishing Attack

Posted on March 1, 2016
FTC Says Identity Theft Victims Don't Always Need a Police Report
The popular video messaging application Snapchat has responded to a partial leak of its former and current employees' payroll information following a recent phishing attack. On Monday, Team Snapchat published a statement on their company's blog:
"We’re a company that takes privacy and security seriously," the statement begins. "So it’s with real remorse–and embarrassment–that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry."
The blog post goes on to reveal that someone in the company's payroll department fell for a phishing attack in which a scammer impersonated Snapchat's CEO and requested employees' payroll information. The partial data leak occurred on Friday, February 26th. Shortly thereafter, the company determined that the attack was an isolated incident and that it did not result in any breach of its internal systems or its users' data. It also notified all affected employees and reported the event to the FBI.
"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Team Snapchat observes. "To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again."
security-15.png
Phishing attacks are one of the most common types of scams on LinkedIn and other social media platforms. Fortunately, there are ways for companies to protect themselves against these schemes. Sean Gallagher of Ars Technica reports that data loss prevention (DLP) and email filtering tools could block messages containing sensitive information, such as employees' Social Security Numbers and other personally identifiable information, from being sent to an external party. Additionally, companies can invest in security education programs that teach employees to look out for phishing scams.
"As the scammers become ever more sophisticated, it's easy to be duped, as Snapchat's payroll department unfortunately discovered," said Richard Beck, Head of Cyber Security at QA, as quoted by ZDNet. "The good news is that arming employees with some basic cyber security know-how -- such as knowing not to click on a URL sent via email -- makes it relatively easy to thwart these scammers and defend against the cyber threats that every business faces today."
To learn more about how you can spot a phishing attack, please click here.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!