TransPerfect continues to make headlines for all the wrong reasons. Slator has learned from multiple sources that the New York-based language service provider has fallen victim to an e-mail spoofing attack.

According to an e-mail (sent by TransPerfect’s HR department to current and former staff on January 20, 2017 and seen by Slator), an unknown individual pretending to be one of TransPerfect’s co-CEOs requested, and was sent, “all 2015 TransPerfect employee W-2 information.”

The W-2 form (Wage and Tax Statement) is a tax form used in the United States to report wages paid to employees and taxes withheld from them.

The form includes information about an employee’s name and address, Social Security number, wages, federal income tax withheld, state and local income tax, dependent care benefits, and other sensitive information. According to a person familiar with the matter at TransPerfect no client data was compromised.

The e-mail from HR said the theft affects “team members employed by TransPerfect Global Inc. in 2015.” In addition, a number of current employees’ payroll information from the period ended January 13, 2017 was also compromised.

The W-2 phishing scheme is a well known attack. The US Internal Revenue Service issued an alert on March 1, 2016 to payroll and HR professionals warning of an “emerging phishing e-mail scheme,” which specifically targets the payroll data “including Forms W-2 that contain Social Security numbers and other personally identifiable information.” On January 25, 2017, the IRS reissued the alert.

According to the IRS, cybercriminals attempt to “monetize data, including by filing fraudulent tax returns for refunds.”

TransPerfect’s HR urges those affected to take steps to protect their identity, including submitting a so-called Identity Theft Affidavit to the IRS, and filing their 2016 tax return as soon as possible.

The company has also notified the New York Police Department and federal law enforcement. Furthermore, TransPerfect says it is offering affected current and former staff “2 free years of credit monitoring, identity theft protection, and Fraud Resolutions services through Experian.”

The data theft could potentially add to TransPerfect’s legal woes. Seagate, another high-profile victim of the same scheme, was sued by angry employees in a class-action lawsuit filed in July 2016. On December 19, 2016, a Kansas Judge denied a motion to dismiss a class-action suit filed over a similar data theft by staff of healthcare company CareCentrix. Other victims of the scheme include Phoenix-based Sprouts Farmers Market and Renovate America, and others.