When I saw that Monticello Central School District in New York had submitted a breach notification to the Vermont Attorney General’s Office and it mentioned phishing, I thought we might have our very first W-2 phishing incident of 2018.
But no, it seems that the school district is reporting a phishing incident that they believe happened on or about November 1, 2017. And it doesn’t appear to be W-2 data, either, as they say the personal information was name, address, date of birth, and Social Security number. An FAQ on the incident indicates that for some people, driver’s license number was also involved.
The district made arrangements with IDExperts to provide services to those affected, although the district says it has no evidence of any misuse of the information.
Read the notification here (pdf). They do not indicate when this breach was first discovered or how, or how many employees may have been affected, but the FAQ by IDExperts on the incident indicates that 2,598 individuals were affected.