REDMOND, Ore. - The Redmond School District faces a massive data breach after an unknown individual impersonated the superintendent over email and obtained all employees' names, Social Security numbers, mailing addresses and wage and tax withholding information.
Last Friday, one district employee received an email from someone who was pretending to be Superintendent Mike McIntosh. The person requested all employee W-2 forms.
"We're trying to not let anybody panic, it's a whole new racket, with respect to stealing and theft, and it happened to hit home today," McIntosh said Monday evening. "We are trying to minimize the panic, but not minimize the importance, significance or urgency, and deal with it in a very productive and urgent manner."
No direct deposit, banking, medical or student information was released in this breach. It does not directly affect families or students, either. This data breach only affects employees in the Redmond School District. There are 13 schools where about 1,000 current or recently retired employees face potential repercussions from the data breach.
All employees received an email from the district about what to do, including filing a 2016 tax return as soon as possible, filing an identity theft affidavit with the IRS and contacting credit report agencies.
"You hear of data breaches in major corporations, warehouses or banks, and how many of us have gotten new credit cards in the mail because there was an alleged breach in the system," McIntosh said. "This isn't a new phenomenon, it's just new to the Redmond School District. And so we are trying to take that seriously, but appropriately as possible."
Local certified fraud examiner Melissa Goddard said if important information like a W-2 form is requested, it should never be sent electronically.
"Any time you are asked to provide that information over an email, you should never send it," Goddard said by phone. "You should walk it down to the HR department or whoever requested it from you and hand it to them, because it can get transferred to the wrong person."
The district said there is no immediate damage to employees, but it is actively trying to safeguard all the information. If an employee does find their information has been used fraudulently, they should contact the district immediately.
Here's the letter sent to all employees:
Redmond School District Employees:
The Redmond School District experienced a data breach resulting in the release of all district employee W-2 information to an unauthorized third party. We apologize for this unfortunate incident and are taking immediate steps to safeguard your personal information and support you in protecting yourself from identity theft.
A scammer impersonated Superintendent McIntosh via email and requested and received W-2s from all district employees on Friday, February 24, 2017. W-2s include an employee's name, social security number, mailing address, wages, and tax withholding information.
None of our internal systems were breached, and no user information such as email passwords were accessed.
What we are doing
The school district takes this incident very seriously and protecting you from identity theft is our top priority. Once discovered this morning, we immediately contacted the police and appropriate authorities to investigate the breach and minimize risk from the disclosure. An investigation is underway and we are taking steps to prevent future incidents.
What you can do to protect yourself
Contact your banking institution and alert them about the data breach.
Change passwords on all your banking accounts and credit cards and consider a 2-step password verification.
We also recommend adding 2-step verification to your district Gmail Account. Click here for instructions: https://www.google.com/landing/2step/.
File your 2016 tax return as soon as possible to prevent unauthorized parties from filing a false return. Additionally, you should file an Identity Theft Affidavit (Form 14039) with the IRS. See a fillable-PDF form attached to this email with Section A and B pre-filled. You will need to add your personal information in Sections C-F and fax the form and required documentation to 855-807-5720. Include a cover sheet marked “Confidential.” You may also mail this form to the IRS. Mailing information is included on the form.
Keep a record of your actions taken to mitigate risk from this unauthorized disclosure.
You may also consider contacting the credit reporting agencies directly if you wish to put in place a fraud alert or credit freeze. A fraud alert will notify any merchant checking your credit history that you may be the victim of identity theft and that the merchant should take additional measures to verify the application. Contacting any one of the three agencies will place an alert on your file at all three. A credit freeze restricts all creditor access to your account, but might also delay any requests you make for new accounts. Inquire with the credit-reporting agencies for their specific procedures regarding security freezes.
Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
Experian: 1-888-EXPERIAN (391-3742); www.experian.com; Fraud Victim Assistance Division, P.O. Box 9532, Allen, TX 75013
TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Again, we apologize for this unfortunate incident and are ready to answer questions and help you with solutions to any problems that may arise.
Additional information will be forthcoming as it becomes available. Please direct questions to district Public Information Officer Rainier Butler at 541-923-1133 or firstname.lastname@example.org.
Michael D. McIntosh
Redmond School District
P: 541.923.8267 | email@example.com