[BreachExchange] Allegan County informs employees of 'social engineering' data phishing scheme

[Terrell Byrd]

https://www.hollandsentinel.com/story/news/politics/government/2022/02/18/allegan-county-informs-employees-w-2-data-phishing-scheme/6827950001/

GRAND RAPIDS — Allegan County officials have notified more than 560 county
employees that personal information on their W-2 forms was compromised in a
data breach.

On Feb. 11, the county sent a letter to the 567 employees who receive W-2
forms of the breach.

According to the letter, an employee, through a social engineering scheme,
mistakenly allowed access to personal information of employees to an
unknown third party. The letter, obtained by The Sentinel, was penned by
Executive Director of Human Resources Vickie Herzberg.

County Administrator Robert Sarro said the information believed to have
been breached is the information contained in employees' W-2 tax forms.
This information includes wages, addresses, names and social security
number digits.

“At this time, there is no evidence any of your personal information has
been misused. However, we recommend you remain vigilant against any
attempts to compromise your personal information,” the letter states. “In
particular, because the information affected was W-2 information, we
strongly recommend you confer with your tax preparer and/or the IRS to
discuss any steps you can take in advance of this year’s tax filing to
prevent any tax return fraud.”

Sarro said the employee who mistakenly allowed access self-reported the
leak. The county has offered a year of identity theft protection services
to affected workers.

Allegan County has informed the FBI of the breach, Sarro said.

“We’re hopeful that it will be looked into further, but we're not at this
time aware of any intentional acts,” Sarro said.

The county’s insurance carrier was also informed of the breach. Per the
letter, Allegan County officials do not believe any other information
systems currently are vulnerable following an investigation.

“We regret that it's happened. And at the same time, we’re very fortunate
that our employee had the integrity to self-report this matter, so that we
could notify people of the potential possibilities that may impact them,”
Sarro added.

Cyberattacks on units of government have increased in recent years.
According to a report, in 2020, there were more than 2,300 U.S.
governments, healthcare facilities and schools targeted in cyberattacks.

A bill to increase funding for cybersecurity training and resources for
local governments has passed the U.S. Senate and is now being considered by
the House.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220218/b4b73678/attachment.html>