Tipton County Schools was one of the first districts to reveal that an employee had fallen for a W-2 phishing scheme this year.
Now the district is being sued by its employees, it seems. Courthouse News reports:
Employees of a rural Tennessee county’s school system claim in a $19 million federal class-action lawsuit that their confidential information was released to a third party when the school board responded to a phishing email with their W-2 and tax information.
According to the complaint, the .pdf file sent to the criminal may have contained information on 1,937 employees. As far as I can tell, the complaint does not allege that any of the named plaintiffs suffered actual identity theft or tax return fraud as a result of the breach.