The Redmond (Ore.) school district reported that one of its workers fell for a phishing scam and emailed the W-2 forms for all district employees to an unauthorized person.
How many victims? About 1,000.
What type of information? All the basic personal data contained on a W-2, such as employee's name, social security number, mailing address, wages, and tax withholding information.
What happened? On February 24 a school office worker received an email from someone pretending to be district Superintendent Mike McIntosh requesting all employee W-2 forms. The district said so far the stolen data has not been used for nefarious purposes nor was any student information involved. The district's computer network has not been compromised and no user information such as passwords were taken.
What was the response? Redmond school officials notified local law enforcement and launched an investigation into the incident. A letter was sent to those affected recommending they file their taxes as soon as possible, change their banking and credit card login credentials and consider instituting two-factor authentication on their accounts.
Quote: “The Redmond School District experienced a data breach resulting in the release of all district employee W-2 information to an unauthorized third party. We apologize for this unfortunate incident and are taking immediate steps to safeguard your personal information and support you in protecting yourself from identity theft.
Sources: Redmond School District, News Channel 21 - KVTZ