A school district in Texas says it lost sensitive tax information from every worker after a single employee was duped by a phishing attack.
Dallas-Fort Worth news station NBC5 reports that the Argyle school district is warning its workers that their W-2 tax forms were lost in a phishing attack. (Workers in America have just started receiving their W-2 forms from their employers so they can complete their tax returns for the year.)
According to the news station, the breach was the result of one employee who received an email claiming to be from the district superintendent. The worker responded to the message and attached the W2-s of all district employees as requested.
The station says that the FBI and IRS have been notified and are investigating the incident, but so far they have not found the suspect. The school district says it will be offering all employees a year of free identity theft protection service.
It is believed that the W-2 forms will be used (or re-sold) for the purpose of filing fraudulent tax returns. Armed with the personal information on those forms (including worker social security numbers and salary information), criminals could potentially file fraudulent tax claims and then pocket the refunds for themselves.
Last year, a wave of fake returns was spotted following the loss of user account info from an IRS help website.