An NBA team said Thursday that their organization inadvertently provided tax information of employees, including players, to someone who was impersonating the team’s president over email.
The Milwaukee Bucks said the “security incident” involving W-2 forms of all 2015 employees was reported to the IRS and FBI after being discovered earlier this week. The team said it arranged for employees to have access to credit monitoring and identity restoration services.
Yahoo Sports’ The Vertical first reported the story.
The W-2 information included names, addresses, Social Security number, compensation information and dates of birth, according to the report. The unknown party requested the information on April 26 and the Bucks discovered that something was amiss on May 16, the team said in an email to players.
The Bucks said the mistake was the result of human error, and that they were providing additional privacy training to staff and implementing additional preventative measures.
An agent with a client on the team called the Bucks’ security breach “unacceptable.”
“The players need to know the exact measures being taken by the Bucks and the FBI to ensure each and every player's identity and financial information will not be compromised. There needs to be accountability for such a mistake, details on the steps taken to rectify it and a process put in place to make sure this never happens again,” the player rep told The Vertical.
It’s unclear how many Bucks players or employees were affected in the breach. A source told the Milwaukee Journal Sentinel that the data given to the spoof hacker wasn’t limited to just players.
The Bucks are preparing for next month’s NBA Draft where they have the No. 10 overall selection.
The Associated Press contributed to this report.