Cyber Incident Victim: Scottsboro City Board of Education
Date:
Mar 2018
Location:
United States of America
Summary
A phishing attack targeting the Scottsboro City Board of Education's payroll department compromised W-2 information for all employees and substitutes after an attacker impersonated the superintendent to request sensitive tax documents. The breach was discovered when multiple employees encountered issues filing tax returns, prompting an internal investigation. The district reported the incident to federal and local authorities, including the IRS and FBI, noting this scam aligns with widespread tax-related phishing campaigns affecting numerous organizations. The compromised data exposed employees to potential identity theft risks, reflecting a common threat vector where fraudulent email requests exploit organizational trust to obtain financial records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early March 2018, the Scottsboro City Schools district in Alabama experienced a data breach compromising employee tax information through a phishing attack. The incident was discovered when multiple district employees reported difficulties filing their tax returns, prompting an internal investigation. Superintendent Dr. Jose Reyes, Jr. confirmed in a March 5 letter to staff that an unauthorized actor had impersonated him to request W-2 forms from the payroll department, which were subsequently disclosed. The compromised data affected all district employees and substitute teachers, exposing sensitive tax information typically contained in W-2 forms. The district did not specify the exact number of affected individuals but acknowledged the breach impacted their entire workforce.
The school system reported the incident to multiple law enforcement and regulatory agencies including the IRS, FBI, Scottsboro Police Department, and Jackson County District Attorney's office. This phishing scheme mirrored a widespread IRS-identified pattern that had targeted over 200 organizations in the previous year, collectively compromising hundreds of thousands of employees' data. The IRS had previously categorized the W-2 phishing scam as one of the most significant threats to the tax community due to its effectiveness. District leadership planned to provide further details through a public statement from Superintendent Reyes later in the week following initial notifications to affected staff. The incident highlighted operational vulnerabilities to social engineering attacks targeting payroll systems through executive impersonation.