Two more Manatee County School District employees have reported being victims of identity theft believed to be a result of the data breach that resulted in the release of more than 7,700 W-2 tax forms to hackers.
On Feb. 3, school district officials first learned of the security breach as a result of an email phishing scam. The scam first attacked corporations, and later school districts, tribal organizations and nonprofits across the nation became targets, according to an IRS warning issued the day before the breach at the Manatee County School District.
Employees were warned that same evening in an email from school district Superintendent Diana Greene.
School district officials later learned that someone posing as Greene had sent an email to a district payroll employee requesting all W-2 forms for district employees. The employee, with the help of another employee, complied with the request, sending a PDF file containing all 7,700 W-2s for those who had worked in the district in 2016 to the scammer.
On March 6, a 62-year-old woman, listed simply as a school board employee, reported to the Manatee County Sheriff’s Office that someone had filed for a federal income tax return using her 2016 W-2, according to an incident report. She reportedly believed that it was a result of the data breach.
On March 9, a 47-year-old woman who works at Stewart Elementary School also reported identity theft as a result of someone using her information to file for a federal income tax return. The woman had attempted to file her own tax return through H&R Block, but it was declined because a tax return already had been filed.
Since the data breach, at least one other school district employee has already reported identity theft after the employee’s W-2 was used by someone else to file an income tax return.