Incident

Los Angeles County Office of Education Investigates Potential Data Breach Following Fraudulent Tax Filings



The Los Angeles County Office of Education (LACOE) is investigating a potential data breach after employees across multiple school districts reported fraudulent tax filings submitted in their names.

Attackers apparently gained access to the W2Copy portal, a third-party service used by LACOE to distribute electronic W-2 forms. A forensic investigation by the vendor found that all login activity during the period of concern used valid, system-recognized credentials. 

This suggests that the threat actors used stolen credentials, possibly obtained through phishing or credential stuffing. The fraudulent activity was identified when employees attempted to file their taxes and received notifications from the IRS or the Franchise Tax Board regarding duplicate returns.

The potentially compromised data includes:

  • Social Security numbers
  • Full names of employees
  • Dependent information
  • W-2 tax document details

The number of affected individuals has not been disclosed.

In response to the reports, LACOE temporarily disabled access to the online W-2 portal and instructed employees to obtain physical copies from their human resources departments. The agency is working with external cybersecurity experts and the W-2 vendor to determine the exact point of compromise. W2Copy stated that its internal network showed no signs of a breach or unauthorized intrusion, emphasizing that the logins appeared legitimate. 

Security professionals recommend that organizations implementing third-party tax portals enforce multi-factor authentication (MFA) to mitigate the risk of credential-based attacks. Affected individuals should monitor their credit reports, place fraud alerts on their accounts, and check their insurance or financial statements for unauthorized activity. 
