Ouch. This isn’t a W-2 phishing attack, but in some ways, it seems even worse.
Carmel Unified School District notified employees that a successful phishing attack had gained access to an employee’s email account that had “a limited number of documents.”
Those documents may have contained employees’ or dependents’ information:
- Employee social security numbers
- Spouses’ and dependents’ social security numbers
- Employee/spouse marriage certificates
- Employee dependents’ birth certificates
- Doctor’s notes excusing employees from work or authorizing them to return to work, some with sensitive medical information
You can read the full notification below.
Carmel Unified Phishing Incident - CA Attorney General Sample_0