The Redmond School District faces a massive data breach after an unknown individual impersonated the superintendent over email and obtained all employees’ names, Social Security numbers, mailing addresses and wage and tax withholding information.
Last Friday, one district employee received an email from someone who was pretending to be Superintendent Mike McIntosh. The person requested all employee W-2 forms.
“We’re trying to not let anybody panic, it’s a whole new racket, with respect to stealing and theft, and it happened to hit home today,” McIntosh said Monday evening. “We are trying to minimize the panic, but not minimize the importance, significance or urgency, and deal with it in a very productive and urgent manner.”
No direct deposit, banking, medical or student information was released in this breach. It does not directly affect families or students, either. This data breach only affects employees in the Redmond School District. There are 13 schools where about 1,000 current or recently retired employees face potential repercussions from the data breach.
All employees received an email from the district about what to do, including filing a 2016 tax return as soon as possible, filing an identity theft affidavit with the IRS and contacting credit report agencies.
“You hear of data breaches in major corporations, warehouses or banks, and how many of us have gotten new credit cards in the mail because there was an alleged breach in the system,” McIntosh said. “This isn’t a new phenomenon, it’s just new to the Redmond School District. And so we are trying to take that seriously, but appropriately as possible.”
Local certified fraud examiner Melissa Goddard said if important information like a W-2 form is requested, it should never be sent electronically.
“Any time you are asked to provide that information over an email, you should never send it,” Goddard said by phone. “You should walk it down to the HR department or whoever requested it from you and hand it to them, because it can get transferred to the wrong person.”
The district said there is no immediate damage to employees, but it is actively trying to safeguard all the information. If an employee does find their information has been used fraudulently, they should contact the district immediately.
Find the Original Article Here