There’s a lot we don’t know about this one yet, and it’s not clear to me whether this incident will fall into the phishing for w-2 list, but Tom Prudente reports:
Someone or a group has stolen personal information from an unknown number of Baltimore City employees and filed fraudulent tax returns, the city announced Thursday to all employees.
The data breach was discovered Thursday, and it was not immediately clear how many employees were affected or when the theft occurred, said Howard Libit, spokesman for Mayor Stephanie Rawlings-Blake.
“We are currently trying to assess the scope,” Libit said. “As we determine who has been affected, the city is certainly going to take the appropriate steps in terms of providing credit monitoring and other services.”
Baltimore City is the latest agency to be electronically targeted.
Read more on Baltimore Sun.
The city shut down access to online access to payroll and tax information, which makes me wonder who their vendor is for that, if there is a third-party vendor. And the news story says nothing about whether they’ve ruled out that an employee was phished.
This story will be updated as more information becomes available.