On the Beat

Phishing scam catches NC Symphony

The W-2 tax information for members of the NC Symphony – conducted by Grant Llewellyn – and others associated with the organization was put at risk by an email scam.
The W-2 tax information for members of the NC Symphony – conducted by Grant Llewellyn – and others associated with the organization was put at risk by an email scam.

The North Carolina Symphony recently fell prey to an email “Phishing” scam – and it’s going to cost the organization nearly $60,000.

According to a report filed with the North Carolina Attorney General’s office, the Feb. 7 leak involved the mistaken release of W-2 tax information for 262 people, including symphony musicians, staff and contract employees. All but 20 of those affected are North Carolina residents.

The North Carolina Symphony has an annual budget of $14 million from donations, ticket sales, legislative appropriations and grants. To set things right, the organization is paying for a two-year membership in an identity-protection service for all affected individual. Total cost: $57,640.

“We have to do what we have to do,” said Sandi Macdonald, president and CEO of the symphony. She added that none of the organization’s patron information or data systems were compromised.

This W-2 scam has cropped up all across the country, targeting arts organizations and schools as well as businesses. The San Antonio Symphony, a school district in Illinois and an Indiana brewpub are among its other recent victims. The N.C. Department of Justice put out an alert about it earlier this month.

According to the alert, the state A.G.’s office had received reports of 18 such phishing breaches since the beginning of the year.

“It’s a scam that’s fairly widespread,” said Laura Brewer, communications director for the NC Department of Justice. “What they do is target people in positions related to (human resources) and try to get them to send W-2 information.”

The emails typically appear to come from the organization’s CEO or another top executive.

After the data leak, Macdonald said the symphony reported it to the Internal Revenue Service as well as the N.C. Department of Justice.

“We place a high value on the security of our processes and procedures, and we have had a longstanding commitment to ensuring the integrity of our systems to protect sensitive information,” Macdonald said. “That’s why this was so upsetting to everyone.”

David Menconi: 919-829-4759, @NCDavidMenconi

  Comments