Someone or a group has stolen personal information from an unknown number of Baltimore City employees and filed fraudulent tax returns, the city announced Thursday to all employees.
The data breach was discovered Thursday, and it was not immediately clear how many employees were affected or when the theft occurred, said Howard Libit, spokesman for Mayor Stephanie Rawlings-Blake.
"We are currently trying to assess the scope," Libit said. "As we determine who has been affected, the city is certainly going to take the appropriate steps in terms of providing credit monitoring and other services."
Baltimore City is the latest agency to be electronically targeted.
The computer system at MedStar Health was attacked two weeks ago, which forced thousands of employees in the state's second-largest health care provider to resort to paper medical records and transactions. Last year it was revealed that hackers had breached networks of the federal Office of Personnel Management and made off with the private data of at least 21 million people.
The FBI and Baltimore police are investigating the theft of city data, Libit said. An email was sent Thursday evening warning all city employees.
"We have not seen it limited to a specific agency of city government," Libit said.
The breach was revealed when a "few dozen" city employees attempted to file tax returns and were rejected, he said.
Officials suspect that information such as Social Security numbers, names and birthdays were stolen. Libit said the Maryland attorney general and Internal Revenue Service were notified.
"Pay close attention to any unusual activities involving your credit or finances," city officials urged in the email.
In the MedStar incident, patient data was not compromised. But a ransom note indicated that MedStar was the victim of a ransomware attack, in which files are encrypted and held hostage for money. Hospitals in California and Kentucky have also fallen prey to recent ransomware attacks. In MedStar's case, the hackers demanded payment in the hard-to-trace digital currency bitcoin in exchange for the digital keys to unlock the encrypted data. The health system, which owns 10 hospitals in Washington and Maryland, including four in Baltimore, has said it did not pay a ransom to anyone.
Any city employee who has a tax return rejected, or experiences suspicious activity, is asked to notify city officials via firstname.lastname@example.org.
All employees, retirees and past employees could be affected, officials said in the email. Officials have pledged to hire a company to provide monitoring services for each person affected.
City officials also announced that they have shut down online access to payroll and tax information. Employees who must obtain a duplicate W-2, should go to the payroll office at 401 E. Fayette St. on weekdays, 8:30 a.m. and 4:30 p.m.
If an employee's tax return is rejected, the IRS recommends filing an Identify Theft Affidavit, or Form 14039, through the mail. The forms are available at www.irs.gov/pub/irs-pdf/f14039.pdf