Posted on 03/21/2017 9:03:34 PM PDT by nickcarraway
Fraudster impersonates CEO of $1.2 billion San Mateo tech firm, steals employees' SSNs and other IRS data
It's not a letter anyone wants to receive: your employer telling you a data thief has stolen your Social Security number and other highly sensitive information by pretending to be your CEO.
But that's what hundreds of employees of San Mateo software firm Coupa, co-founded by two former Oracle executives, recently received.
On March 6, according to the letter sent to the workers and obtained by SiliconBeat, the firm's human resources department was targeted in a successful phishing fraud seeking employees' IRS W-2 payroll forms.
"A scammer impersonated our Chief Executive Officer and requested that payroll information (Form W-2) for the 2016 tax year be sent via email," the letter dated March 15 said.
Coupa, a cloud-based firm that makes spending-management software for business use, has 652 employees, according to the company. The firm's CEO is Rob Bernshteyn. It was co-founded in 2006 by former Oracle executives Noah Eisner and Dave Stephens, with Stephens spending about four years starting it up between stints at Oracle.
The letter to workers went on to list what's contained on the W-2: name, employee ID, Social Security number, state of residence and work, wages earned, amounts of company-paid benefits, contributions to retirement, and taxes withheld.
The breach of confidential data comes as Coupa, with a market capitalization of $1.2 billion, has been on a tear.
On top of adding machinery giant Caterpillar to its list of 500-plus customers, the firm ended its fiscal year Jan. 31 with $134 million in annual revenue, up 60 percent over the previous year.
No customer information was lost in the data theft, and only workers employed in 2016 were affected, the firm said in a statement.
"Coupa was one of numerous companies recently targeted by this phishing scam," the statement said. "Upon awareness of the scam, we immediately mitigated the isolated incident and implemented measures to protect affected individuals.
"We have not seen any evidence that any data has actually been misused. The privacy and protection of our employee data is a matter we take very seriously.
"We work swiftly to resolve incidents that may occur and partner with leading third-party vendors to take measures and preventions against security incidents."
The letter to employees said the firm would supplement existing phishing-defense training with more training and information. Also, affected workers can sign up for two years of free identity-theft monitoring and insurance, the letter said.
Coupa notified the FBI immediately after discovering the scam, and also informed the IRS, the letter said.
Bernshteyn, the CEO, is also chairman of the company's board, which counts among its members former Yahoo CEO Scott Thompson and former Salesforce executive vice-chairman Frank van Veenendaal.
Headquartered in San Mateo, Coupa has four other offices in the U.S., two in Canada, eight in Europe and three in the Asia-Pacific region.
#SmarterThanYou
Someone got the inside Coupa
About four months ago in Germany... someone sent an email in to the finance officer of some small company (300-400 employees) and pretended to be the CEO... had the finance officer transfer roughly a million Euro to an out-of-country bank account. A day or two later, the whole thing is figured out. Money cannot be retrieved. Put the finances of the company in serious jeopardy. Cops say it was just one of several episodes to occur like this in recent months.
Shoot I tried to put SOME security and sanity into the systems (legacy IBM and a joke of a network) of a “prairie land” branch of a small company - wound up getting cursed at by the local head honcho. And nothing but disdain from one of his idiot lieutenants.
It was insane how unprotected they were. All of their messes were because of amateurish policies, procedures and a grade-school implementation practice. I couldn’t believe there were still operations like that.
Happened to my company last year.
Thousands of W2’s were stolen.
It’s been a constant nightmare ever since.