Cyber Incident Victim: City of Enumclaw
Date:
Feb 2018
Location:
United States of America
Summary
The City of Enumclaw fell victim to an email spoofing attack where an impersonator posing as city administration fraudulently obtained copies of employee W-2 forms containing sensitive personal information. The compromised data affected hundreds of employees, with the breach discovered one day after the fraudulent request was fulfilled but employees were not notified until two days later, delaying awareness of the exposure. This incident caused significant concern among staff regarding potential identity theft risks, prompting the municipality to file a police report and offer fraud protection services. A local tax professional noted affected individuals were advised to file taxes promptly to mitigate further exploitation of their information, though tracking the perpetrator was deemed challenging.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 5, 2018, the City of Enumclaw received an email appearing to originate from a legitimate city administration address requesting 2017 employee W-2 information. The fraudulent request, later identified as a spoofing attack, successfully deceived city staff into transmitting copies of W-2 forms containing sensitive personal and financial data for hundreds of employees. City officials discovered the deception on February 6 but did not notify affected employees until 7:53 p.m. on February 7 via email—a delay that resulted in some staff not seeing the alert until February 8. The compromised data included Social Security numbers, addresses, and income details, exposing employees to potential identity theft and tax fraud. Enumclaw filed a citywide identity theft report with local police, though investigators noted difficulties in tracing the perpetrator due to the spoofed email's origin.
The incident caused significant concern among city employees, with union representatives describing affected members as "very confused" and feeling "betrayed" by the breach of trust. Multiple employees sought assistance from local tax professionals to file returns urgently, attempting to preempt fraudulent claims using their stolen information. The city offered to cover fraud protection services for impacted staff, though tax experts cautioned this might not fully address potential long-term consequences. An East Coast attorney retained by the city declined media inquiries about the incident, while all municipal departments directed questions to this legal representative. Enumclaw's internal investigation confirmed the attacker impersonated city leadership through email spoofing but did not publicly disclose technical details about the compromise or whether additional systems were accessed.