Cyber Incident Victim: City of Keokuk

On January 30, 2018, the City of Keokuk discovered a data breach involving unauthorized access to sensitive employee information through a criminal phishing email. The breach occurred earlier that day when an attacker successfully obtained an electronic file containing 2017 Form W-2 tax documents for current and former city employees and elected officials. The phishing attack specifically targeted city systems but did not compromise credit card details, bank account information, or affect employees hired during the 2018 calendar year. Upon detection, city administrators immediately initiated an internal investigation and reported the incident to law enforcement authorities. The stolen W-2 forms contained personally identifiable information typically included in tax documents, though the exact number of affected individuals was not disclosed in public statements.

The City of Keokuk coordinated with the Keokuk Police Department and federal law enforcement agencies to investigate the breach, though no suspect had been identified as of February 4, 2018. Impacted individuals received notification through U.S. Mail and were offered complimentary credit monitoring and identity theft protection services. City Administrator Aaron Burnett confirmed the municipality prioritized containment and victim support while maintaining regular operations. The city's public statement emphasized their commitment to information security and pledged continued measures to protect sensitive data, though no specific technical details about the phishing mechanism or system vulnerabilities were disclosed. Forensic analysis confirmed the breach scope remained limited to the 2017 W-2 forms with no evidence of subsequent unauthorized access or expanded data compromise beyond the initial theft.