The Bucks, in a statement issued Thursday, said they had discovered the “email spoofing attack” Monday, and they had “reported this incident to the IRS and the FBI.” The team said it “quickly notified impacted individuals and [is] arranging for these individuals to have access to three years of credit monitoring and non-expiring identity restoration services.”
“We believe this incident arose as a result of human error, and are providing additional privacy training to our staff and implementing additional preventative measures,” the Bucks said. The team has launched an “aggressive and ongoing” investigation into the incident, which, according to Shams Charania of The Vertical, took place April 26.
“The communication received on this major security breach is unacceptable,” an agent for a Bucks player told The Vertical. “The players need to know the exact measures being taken by the Bucks and the FBI to ensure each and every player’s identity and financial information will not be compromised. There needs to be accountability for such a mistake, details on the steps taken to rectify it and a process put in place to make sure this never happens again.”
The release of the W-2 forms could be quite costly, given that the documents provide a host of sensitive data, including social security numbers, addresses, employer ID codes and salaries. Bucks players were paid a total of $71,298,026 for the 2015-16 season, according to Basketball Reference.