Passwords for employee accounts are frequently stolen by threat actors and used to access corporate systems or sold to other attackers on criminal forums and underground markets. Once attackers have access to employee email accounts or shared company files, there are many types of fraud or extortion that can result. All critical accounts should be protected with Multi-Factor Authentication (MFA). Companies should actively monitor security events, including remote logins and suspicious program execution on endpoints, to detect attacker activity and take quick action to respond to intrusions. It is recommended that the affected employee remain vigilant for incidents of fraud or identity theft. If any suspicious activity is detected on an account, the financial institution or company that maintains the account should be promptly notified. It is also advised to report any tax fraud or suspected incidents of identity theft to proper law enforcement authorities and the IRS.

Source: https://www.scmagazine.com/home/security-news/data-breach/california-software-developer-hit-with-w-2-scam/