SAN MARCOS, Texas (KXAN) – Every person employed by the city of San Marcos in 2016 is at risk of identity theft after the city says an employee was targeted in a “spear phishing” email. The city tells KXAN News 803 employees’ information was compromised.
In an email sent to all city employees, the acting city manager, Steve Parker, says his department learned about the situation on Tuesday. Parker says the city employee responded to a targeted “spear phishing” email on Feb. 22.
“Spear phishing emails are an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” Parker said in the email.
He adds that the city employee replied to the message on the day the email was received and attached 2016 W2 information, which included the employees name, address, Social Security number and earning information.
“It was composed to look as if it was from someone within the organization,” said the City of San Marcos Finance Director Heather Hurlbert.
Hurlbert says the payroll department received the email specifically asking for the W2 information for all city employees. The request came from someone who appeared to be inside city hall with the “@sanmarcostx.gov” address.
“The employee not knowing that this was something going outside of the organization responded and provided that information,” said Herlbert.
According to the city, it took two and a half weeks before it realized someone stole the information. “We had a couple of isolated incidents and then we continue to have more and so at that point and time we looked into this,” said Herlbert.
So far, around a dozen employees have already reported their taxes were filed by someone else. Financial experts say if you fall victim to something like this, it could take months up to a year to resolve.
“It throws everything upside down,” said Rick C. Reed & Company Public Accountant David Crumbaugh. “It will require you to send in identifying documentation, driver’s license, passport, proof of employment, either your W2 or a letter from your employer stating that’s who you are.”
Crumbaugh says he’s worked with many of his clients who have gone through this exact situation. He says although stressful, it can be fixed.
“It will be okay, it is just going to take you a little bit of time. If you were depending on that refund it’s going to be a little longer to get it,” said Crumbaugh.
In the meantime, the city is providing all employees with credit monitoring and protection for the next three years.
“There has been continued education through our IT department making people aware of these scams. We will continue to emphasize this with our employees, I know that we have talked with IT about training about these targeted kind of scams,” said Hurlbert. “I know that IT works very diligently to monitor these types of things that come in and making sure that we maintain the highest level of security software that our servers are secure and that they monitor these types of threats all the time.”
The city says the employee’s actions breached policy, training and protocol. Due to employee privacy, they would not say if the person will be fired or disciplined.
The city has notified the IRS, state taxing authorities and the local police of the incident.
Many victims of tax identity fraud don’t know it until they file a tax return and find out someone else already claimed it. If that happes to you, the IRS says contact them. You’ll also need to fill out Form 14039, the Identity Theft Affidavit and file a complaint with the Federal Trade Commission.
The FTC suggest filing a police report and placing a fraud alert on your credit report.