Nashville’s Ryman Hospitality Properties has fallen victim to a fraudulent phishing scam that resulted in employees’ IRS W-2 information, which includes Social Security numbers, being disclosed externally, Billboard has learned.
The company is parent to entertainment brands the Grand Ole Opry, Nashville’s historic Ryman Auditorium and legendary country radio station WSM-AM. Its managed assets also include Nashville nightclub the Wildhorse Saloon, four large resort hotels, two smaller hotels, a golf course, and Nashville’s General Jackson Showboat.
Ryman Hospitality executives first learned of the data breach on the afternoon of March 23.
According to a statement provided by the company, “An employee received an email that appeared to have been sent by an officer of the company asking for employee W-2 information. In reality, this email was sent from an outside party using a common fraud tactic known as email spoofing/phishing and, as a consequence, personal employee information was disclosed externally … We believe that any person who received a W-2 from us in 2015 may be impacted, but this does not include those who provided a Form 1099.”
Phishing scams have been making headlines of late, successfully targeting companies like Snapchat. Ryman Hospitality Properties may have been the victim of one in particular that raised enough red flags to garner significant media attention.
The company says it is “working aggressively to investigate all aspects of the situation” and it is apologizing for the incident. “We take the privacy of our employees’ personal information very seriously, and while we had controls in place to prevent this sort of leak, they did not work in this instance,” the statement says. “Our primary focus now is to work aggressively to ensure this never happens again, and we have an entire response team working toward this aim.”
Affected employees are being provided with identity theft protection and credit monitoring services at no cost.
A company rep confirms that some musicians were affected, but it is unclear whether they include any Grand Ole Opry cast members. Billboard reached out to reps for several Opry members on March 28, all of whom said they were not aware of the breach.