Latest: Data breach impacting Ozaukee Co. employees didn’t happen internally, locally
OZAUKEE COUNTY — On Tuesday, March 8th the Ozaukee County Sheriff’s Office was advised of a data security breach to the Ozaukee County’s payroll and tax portal software “Greenshades”. The data breach was first learned of after numerous county employees reported having their tax returns filed fraudulently.
The investigation into the possible source of the data breach revealed on Sunday, February 14th numerous logins from suspicious IP addresses were made to approximately 200 employee Greenshades accounts.
During these suspicious logins, employee W-2 and 1095C tax forms were viewed. Employee personal identifying information that was potentially obtained included names, addresses, Social Security numbers, along with the names and Social Security numbers of family members who were covered under their insurance.
The investigation so far has determined that the data security breach did not take place internally or locally. The Ozaukee County internal security network has been tested and does not appear to have been breached. It appears the Greenshades software was breached from an out of state source.
The Ozaukee County Sheriff’s Office is working with the Department of the Treasury/Internal Revenue Service (IRS) and the Wisconsin Department of Revenue on this investigation.
The below letter was sent to Ozaukee County employees:
Dear Ozaukee County Employee,
We have been receiving notice from some of our employees that they have had fraudulent tax returns filed under their social security number. The employees involved were not aware of the theft until they filed their 2015 taxes and/or received notice of suspected identity fraud from the IRS. We have been working with our IT security consultants and the Sheriff’s department since the first reported incident.
Our internal security setup has been tested. It does not appear that the county network has been breached. However, we are perusing more rigorous testing and recommendations from our consultants. We are also in contact with all of the vendors who have your identity information.
Here is what we know so far: On February 14th of this year beginning at 4:13 a.m., suspicious IP logins were identified by Greenshades. It appears that someone exploited our Greenshades login and password format and began signing on Greenshades, with employee credentials. They viewed W2s and/or 1095’s for 190 employees and elected officials, on and off thru the afternoon of the 15th. We recently updated the security settings in Greenshades to enhance security and stop fraudulent access.
The Ozaukee County Sheriff’s Department is taking the lead on the investigation of the fraudulent tax returns. If you have had a fraudulent return filed in your name, or received any indication that you may have had your personal information compromised, please contact Lieutenant Marshall Hermann at firstname.lastname@example.org. Lieutenant Hermann has asked that you contact him via email only with any requests. This will ensure that all requests are properly logged, reviewed and responded to. The Sheriff’s Department is in contact with local IRS Agents and will be able to assist in the filing of the required police reports for the IRS. If you were one of the employees who had their personal information viewed in Greenshades from a suspicious IP address the Sheriff’s Department Detectives will contact you directly to investigate.
The County is also working with the County Mutual, our insurer, to coordinate a claim under our Cybersecurity Protection Insurance, the insurance provides additional coverage and expertise that we will utilize in the investigation and recovery from this incident.
Finally, the county is working with an identity protection agency and will provide coverage for all county employees. We are still coordinating this coverage and details will follow shortly.
Although Greenshades is currently secured, If you have not already changed your Greenshades password, you should do so as soon as possible. The information on how to change your password is attached. I have also attached information from the IRS on fraudulent tax returns.
This is all of the information that we have at this time, I will keep every employee updated as we work through these issues together. As one of the employees who has had a fraudulent return filed in my name I understand the difficulty that this causes and the impact that it has on our employees and our families.
Assistant County Administrator
Human Resources Director
121 W. Main Street
Port Washington, WI 53074
Phone – (262) 238-8202
Fax – (262) 238-8199