‘Data breach’ strikes Lexington Two employees
Sensitive personal data stolen from untold number of employees' W-2s
An untold number of Lexington County School District Two employees have been the victims of a “data breach,” the district announced late Friday.
In a release sent to affected employees and the news media, the district stated: “We recently fell victim to a social engineering scam which resulted in the disclosure of your W-2 information. This information includes name, address, social security number and salary data. Bank account numbers were not part of this information. This only impacts those that received a paycheck directly from Lexington 2 in calendar year 2016.”
Just how many employees were affected, and how the breach occurred, were not publicly disclosed. The district sent a private letter to employees on January 26, the day the breach was discovered. The follow-up letter sent out publicly on Friday to employees and local news media didn’t provide any such pertinent details.
The announcement of the breach to local news media, which contained that letter, came at 5:01 p.m. on Friday, just after business hours.
Meantime, Friday’s notice said, all media questions should be directed to the district’s attorney, Jake Moore with Moore Taylor law firm, who was not immediately available for comment.
In the letter sent out Friday, the district instructed employees on how to access a free fraud-protection and credit-monitoring service for the next 12 months, though such services typically only alert victims to identity theft and do not directly protect them from it.
A letter on how to enroll in the credit monitoring service, using each employee’s “unique code,” was to be sent to employees next week, and the district gave employees a phone number and website address at the Federal Trade Commission to get information on identity theft and “how to protect yourself.”
Meantime, the district stated, “Lexington 2 has also already notified SLED, the South Carolina Department of Revenue, the Social Security Administration, the IRS, the South Carolina Consumer Affairs Commission, the Consumer Protection Division, SC PEBA-Insurance and SC Retirement, and the SC Deferred Compensation plan.”
The district also warned employees about their passwords.
“We have also been asked if passwords should be changed with District email and bank accounts. With any password it is recommended that you change them on a regular basis every 45 days,” the district’s letter said.
“While we have no evidence that any of your personal information has been misused in any manner, we are taking appropriate precautionary measures to ensure your financial security and help alleviate concerns you may have,” the letter added.
The letter concluded: “At Lexington 2 we take our responsibilities to protect your personal information very seriously. We are deeply disturbed by this situation and apologize for any inconvenience.”