Hundreds of W-2 forms stolen from current, ex-city workers

Phishing email disguised as mayor sought payroll info.

Austin American-Statesman - COMMUNITY NEWS - By Taylor Goldenstein, tgoldenstein@statesman.com

Confidential information of more than 800 current and former City of San Marcos employees has been compromised after one employee fell for a phishing scam, officials said Thursday.

Officials learned Monday that a payroll employee had been sent a targeted phishing email on Feb. 22 that was made to look like it was from the mayor. The employee then sent back all of the city’s 2016 W-2 forms, which contain sensitive information including Social Security numbers.

Finance director Heather Hurlbert said the city figured out what had happened after a few employees reported that they had tried to file their tax returns and were rejected by the IRS because records showed that a return had already been filed.

Acting City Manager Steve Parker sent an email Tuesday afternoon to employees about the breach, which was first reported Thursday by KXAN. Information for 803 people was compromised.

“This was not something where our system was hacked,” Hurlbert said. “This was a request that came in from the outside and was made to appear as if it was coming from the inside requesting information.”

Phishing is a method used by scammers to fool someone into providing personal information by acting like an email is sent from a legitimate organization or known entity.

Hurlbert acknowledged such a request of a payroll employee by the mayor would under normal circumstances be “a little bit out of the ordinary.” She could not say whether there will be consequences for the employee involved, as it is a personnel issue.

The city has a cyber-liability insurance policy and is consulting with the third-party company now to assure the right steps are being taken to remedy the situation, Hurlbert said.

It will also offer credit monitoring and identity theft protection services at no cost to all affected current and former employees for the next three years, she said.

The city has notified the IRS, state taxing authorities and police of the incident, and the IRS has told the city that it will monitor the affected people’s returns to prevent fraudulent tax refunds from being paid out, according to the email.

“We recognize this issue can be frustrating and we are taking steps to help protect you and to safeguard the personal information we receive and maintain going forward,” Parker said in the email.

“We will work with everyone to make this incident as painless as possible,” Parker wrote. “This affected city management, city council as well as all of you so we are all in this together. To help prevent something like this from happening again, we are aggressively analyzing where process changes are needed and will take the appropriate actions.”

San Marcos is the latest entity to fall victim to such an attack. In February, the IRS issued a warning about a phishing scam that had initially targeted the corporate sector but had spread to other areas, including school districts, tribal organizations and nonprofits.

Last month, employees of Belton school district’s business office released W-2 forms for about 1,700 current and former district workers after being targeted by a similar phishing email that appeared to be from the superintendent.

The two employees responsible for the breach resigned, according to the district spokesman.

And last November, the El Paso Times reported that El Paso officials had accidentally sent $3.2 million intended for a city project contractor to fraudulent bank accounts after being duped in a phishing scam.
