CORRECTION: I picked this up incorrectly as Pittsburgh in PA. A kind reader pointed out my error. This was Pittsburg in Kansas!
Corrected Post:
The City of Pittsburg hasn’t disclosed how many former and current employees had their W-2 data stolen in a phishing scam on January 30, but I’m betting it’s more than a few. Their press release of today appears below. Remember that we are tracking these W-2 phishing incidents here.
Tuesday, January 30, the City of Pittsburg was subjected to a sophisticated phishing scheme targeting employee payroll data. The attack resulted in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year. The breach did not involve access to the City’s technical network, and no evidence has been found to suggest employee information has been misused.
The City is taking precautionary measures to protect anyone affected by the release. Within 24 hours of the data release, the City notified local law enforcement, IRS and FBI, sent critical communication to all impacted individuals, and provided complimentary identity theft protection services. The City is also providing technical support and enrollment assistance to those individuals.
“The safety and well-being of our current and former employees is incredibly important,” said City Manager Daron Hall. “This was not a technical attack against our firewall or network filters, but instead it was a social attack aimed at our employees. While we believe we have significant safeguards in place to reduce the risk of these types of threats, we take full responsibility for this incident occurring and will do better in the future to protect all sensitive data. I am proud of the way our management team worked quickly to identify the problem, the risk to those affected, and implement a solution within hours of the attack. We are in the process of analyzing our security measures against potential future incidents.”
According to the IRS website, the W-2 scam is just one of several new variations of phishing schemes that focus on the large-scale thefts of sensitive tax information. This email scheme pretends to be from company executives and requests personal information about employees, and uses the cover of tax season and W-2 filings to deceive people into sharing personal data.
The contractor selected to protect the employee information provides identity theft monitoring for financial accounts, stolen funds reimbursement, and a $1 million service guarantee per account. This 12-month coverage is being provided at no cost to affected individuals.
FYI – This is Pittsburg, KS, not Pittsburgh, PA. Headline has the city spelled incorrectly.
Thank you so much for catching my mistake. I’ve corrected it now and tweeted out a correction, too.
One of the good things about working on this site is that I learn about a lot of towns, cities, and even countries I never knew about.
One of the bad things about working on this site is that sometimes I get them all mixed up with each other! 🙂
Like Ontario, California. Or Ontario, Canada.
That one gets me every time.
There are a ton like that. I’ve made tons of errors over the last decade. It would help if every news site actually had THEIR location at the top of their web site so I’d at least know what state was reporting a news story. I often have to scroll down to the bottom of a site to figure out where a city is, or look at other local news and hope I recognize another location.
And when all else fails, I count on helpful readers to alert me to my errors. 🙂