Cyber criminals target Wallace employees

Published 6:27 pm Saturday, February 24, 2018

Personal and financial information of current and former employees of Wallace Community College Selma has been accidentally leaked through a phishing scam, according to an attorney representing the school.

Alex Walker, an attorney with Mullen Coughlin, a law firm that specializes in cybersecurity and data privacy, said on Feb. 5 an employee with the college released W-2 forms after receiving an email posing as someone with the college requesting the information.

“We call them phishing or spoofing emails. It’s very popular right now,” Walker said. “The email looks like it’s coming from somebody important. They ask you for the W-2 information for 2017 for the employees. You think you’re sending it to them … and what you’re actually doing is sending it to an outside email address.”

Email newsletter signup

W-2 forms, which are used to file for income tax returns, contain pertinent information, such as social security number, name, address, employer information, wage, etc.

Walker said forms of current and former employees were released, and the school did not discover the fraudulent request until two days later on Feb. 7.

The extent of the breach is not being disclosed. Walker said he could not comment on the number of employees who had their information leaked. He also could not comment on if the employee who leaked the information was still employed with the college or not.

“Since they discovered it … they’ve been working pretty tirelessly just to respond, make sure they know what happened and investigate and most importantly notify all of the effected current and former employees,” Walker said.

According to Walker, the school has notified law enforcement, as well as tax authorities, but it is not clear if there is an active criminal investigation. He said the college is offering a number of services to employees and former employees affected by the scam like credit monitoring, identity protection services and other resources.

But for at least one employee, it’s already too late. An employee who had their information leaked in the scam spoke with the Times-Journal Friday on the condition of anonymity.

The employee, who did not know of the phishing scam at the time, tried to file their tax return a few days after the information was leaked. The employee got a message from the tax filing software telling them the IRS had rejected the return and their return had already been filed.

The employee said when she notified the college of the issue, they were told it was not their fault.

Due to the employee’s tax return already being filed, the employee’s spouse had to file separately. The employee said they will get back a significant amount less than they would have had their information not been leaked.

The employee has had to open a new bank account, change bank drafts for bills and notify credit agencies.

The employee said W-2s from employees “from the top of the alphabet to the bottom of the alphabet” were released.

Walker said he could not comment on if other employees have had issues filing tax returns.