Verity Health Systems was targeted in an email phishing scam that resulted in the unauthorized release of employee W-2 information.
On May 22, the firm learned an attacker posing as an executive requested the W-2 tax information from a lower level employee on April 27, according to a sample notice submitted to the California Attorney General's office. Names, addresses, Social Security numbers, earnings, and the withholdings information of employees for the 2015 tax year were compromised in the breach.
Officials said in the notice that they are actively investigating the matter and that state and federal law enforcement have been notified of the incident.
Those affected will be offered two years of free identity protection services including up to $1 million in identity theft insurance with a $0 deductible.
Victims are also encouraged to monitor their accounts for fraudulent or suspicious activity.
