CHARLOTTE, NC (WBTV) - The Charlotte Housing Authority (CHA) is working to correct a data breach they say compromised personal and private information for current employees and some former employees.
According to CHA officials, the breach came in the form of an email requesting employee W-2 information. The email appeared to be from the CEO, and the requested information was sent before Jan. 19 when it was discovered that the request was made from a fraudulent account.
The IRS Tax Form W-2 sent in response to the request includes employee's names, employee's addresses, employee's Social Security numbers, and employee's wage information.
All current employees have been notified of the incident, and efforts are being made to notify former employees.
Along with a staff meeting explaining the situation, the CHA sent a letter to employees detailing the attack, the steps the CHA was taking, and steps employees to take to make sure their information was secure.
"We take the security of personal information very seriously. Therefore, we are implementing additional safeguards including but not limited to cyber security training for our employees," said CHA Senior Vice President of Public Relations Cheron Porter.
Officials say that residents and business partners of the CHA were not affected.
The incident was reported to law enforcement officials. Local and federal authorities are involved in the investigation.
The CHA is encouraging any former employees that have not spoken with staff to contact the CHA Human Resources Department.
Cybersecurity expert Theresa Payton said that the situation is very serious because it opens the CHA employees up to identify theft.
"Most of us are not going to get a new social security number, new maiden name, new address any time soon. Because it's permanent data that means the cybercriminals can play the long game," explained Payton. "They could wait a year, five years, 10 years and the data will still work for them if they want to do identity theft."
Payton said law enforcement refers to this type of hack as 'business email compromise' and explained that it is a true concern because it shows no sign of stopping. She said it has happened to big companies and small companies across the country.
"It's just one of those things that happens and the key is understanding the issue and having a plan, an incident response plan," said Payton.