Arlington Public Schools says around 40 more employees have been victims of a data breach that compromised employee tax information.
That’s in addition to the 28 employees APS said were affected last week.
APS said an unknown party or parties were able to login to APS’ secure data system, STARS, via use of “personally identifiable information… from an unknown source.”
Employees were given the latest update on the data breach Wednesday afternoon, said Assistant Superintendent Linda Erdos.
APS is taking steps to better secure its systems, employees were told.
In addition to the steps we took last week to contract with cybersecurity experts to assist with our on-going investigation, we have put in place several more precautions to protect all employees’ personal information.
1. We have changed the STARS password for all accounts that may have been compromised.
2. We have disabled the “self-service password reset” feature in STARS. Now, if you need to reset your password, you need to call the Help Desk at x2847.
3. We also have added a new requirement for logging into STARS with a device that is outside of the APS network. The system will now require you to provide your APS network username and password first before you can log into STARS.
With the help of the outside organizations and experts that we have hired, our entire team in the Department of Information Services continues to focus on the ongoing investigation. In addition, we have obtained the services of an outside cybersecurity expert to advise us on additional steps that can be taken to further ensure our network security. We have also contracted with an outside organization to perform regular security audits of our network in the future.
Shortly after our first article on the data breach was published last week, a tipster told ARLnow.com that the problem was bigger than APS had admitted.
What the ‘announcement’ did not say was that multiple APS employees have been informed by the IRS in the last two weeks that fraudulent returns for 2015 have been filed with their name and social security number along with that of their spouses and children, information beyond W2 information. This is beyond the supposedly 28 employees breached by the exposure of their W2s.
Here’s what the same tipster said earlier this week.
In a follow up to your story of a week ago. In addition to the 28 employees, there are over 90 APS employees who have been impacted by a data breach with many having fraudulent tax returns filed using their names and social security numbers along with their dependents.
Said APS: “We will continue our investigation of the most recent event and update everyone if we obtain additional information.”