Cyberattack on Manatee County School District may compromise employee tax forms

Manatee County School District employees’ W-2 tax forms may have been compromised as a result of a cyberattack, the district announced to its employees Friday evening.

School district officials learned of the breach late Friday afternoon, Superintendent Diana Greene told employees in an email.

“As a result of this attack, employee W-2’s have allegedly been compromised,” Greene said in the email.

The IRS and FBI had already been contacted when the email went out, and Greene said the district was providing the federal agencies information for their investigation into the attack and in an effort to stop the misuse of any data from the annual earnings statements that may have been compromised.

The school district’s insurance agency was contacted immediately to confirm that all employees are covered by AllClear ID, an identity protection service, but the district is still awaiting a response, according to Greene’s email.

Greene told the Bradenton Herald Saturday that the district will be ensuring that all employees are covered by AllClear ID for the next year for their protection.

“We will be giving more information to our employees beginning Monday,” Greene said.

Employees will be updated on their coverage, which will include credit monitoring, and they will be provided a hotline to call the support center for additional information, she added.

“Our number one goal was to contact the IRS and the FBI as well as contact our insurance company,” Green said.

Starting on Monday, a full investigation in the attack will begin, she said. And while they do not know for sure whether employees’ information was compromised, none of the students’ information was breached, she added.

The IRS issued an urgent alert Thursday to the public regarding an ongoing cyberattack, calling it a W-2 email phishing scam that had first hit corporations, but victims now include school districts, tribal organizations and nonprofits.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” IRS Commissioner John Koskinen said in a news release.

When the theft of data is immediately reported, the IRS said, the agency can take steps to help protect employees from tax-related identity theft that could follow.

According to the IRS, the scam works when the “cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise or business email spoofing.”

The scam, which first appeared last year, has reappeared earlier this tax season and to a broader cross-section of organizations, according to the IRS.

“It is important for you to know that we are still gathering facts as to what occurred and how we can best respond,” Greene said in her email to district employees. “Although we don't have all of the facts at our disposal at this time, we wanted to notify you as soon as possible so that you could closely monitor your personal information for any unauthorized activity.”

This story was originally published February 4, 2017 at 3:42 PM with the headline "Cyberattack on Manatee County School District may compromise employee tax forms."