Employees of the Washington Elementary School District became potential victims of identity theft after somebody fell for a phishing scam and sent 2015 W-2 information to an unknown party.
It happened Tuesday afternoon. The information was sent to an email address that was created to look like the superintendent's email address.
Once the data breach was discovered, the district called the police and began notifying anybody who worked for the WESD in 2015. It also was working to set up credit monitoring services for its employees, current and former.
District spokeswoman Carol H. Donaldson declined an on-camera interview but did provide a statement.
"Washington Elementary School District (WESD) administration discovered Tuesday afternoon, April 12, that a report of 2015 W-2 information was sent earlier that day to a fraudulent email address set up to appear as the superintendent's email address. The district immediately began to take corrective steps and notified law enforcement and the IRS. Notification has gone out to current and former employees who worked for WESD at any time between January 1 and December 31, 2015.
"The district's first priority has been its employees. It was imperative to administration to inform them and provide them with the resources necessary to monitor and protect their personal information. The school district is working with its insurance provider (Arizona School Risk Retention Trust) to provide credit monitoring services for current and former employees. WESD is reviewing processes to further protect district information."
The district did not say anything about the person who sent the information to the scammer.
Donaldson said the district would issue additional statements "if the ongoing investigation warrants it."
"When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing," explains the Federal Trade Commission website.
Phishing has become a common way for scammers to get the personal information needed to steal somebody's identity. Scammers target both businesses and individual. While nobody is immune to a phishing attack, there are things you can do -- or rather not do -- to protect yourself.
"Don't reply to email, text, or pop-up messages that ask for your personal or financial information," the FTC advises. "Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels."
If you believe you've been the victims of a phishing email, file a report with the FTC at FTC.gov/complaint.
Resources Computer security information from the FTC PhishTank.com: Join the Fight Against Phishing Symantec Phish Reporting Center Anti-Phishing Working Group Forward Phishes to: firstname.lastname@example.org and email@example.comCopyright 2016 KPHO/KTVK (KPHO Broadcasting Corporation). All rights reserved.