Employees at two school districts on opposite ends of Los Angeles County had fraudulent tax filings submitted in their names, so the Los Angeles County Office of Education temporarily disabled access to online W-2 forms.
The Los Angeles County Office of Education (LACOE) is investigating a potential data breach after employees across multiple school districts reported fraudulent tax filings submitted in their names. The incident has raised serious concerns about the security of electronic tax documents, particularly W-2 forms managed through centralized payroll systems.
According to LACOE, the issue came to light when teachers and administrators began receiving official notices indicating duplicate tax returns had already been filed using their personal information. While the full scale of the incident remains unclear, early reports confirm that employees in multiple districts across Los Angeles County have been impacted.
Van Nguyen, Public Information Officer for LACOE, stated that the agency is actively investigating the situation in collaboration with external experts and its W-2 service provider. Nguyen stated, “The Los Angeles County Office of Education is currently investigating fraudulent tax return filings from some employees both in our organization and in some L.A. County school districts.” Updates will be provided as the investigation moves forward.
LACOE provides payroll services to more than 150,000 employees across over 100 school districts, community colleges, and charter schools, making the potential scope of the incident significant. However, the agency has not disclosed how many employees or districts may be affected at this stage.
The Los Angeles Unified School District and Long Beach Unified School District, the two largest districts in the county, confirmed that their employees were not impacted, as they do not rely on LACOE’s electronic W-2 portal.
Karla Estupinian, spokesperson for the Lancaster School District, confirmed that employees within her district have received notifications of fraudulent tax filings. She noted that the number of affected individuals is still growing as more employees complete their tax filings. Estupinian stated, “We’re still in the early stages of this, and we’re really waiting to hear back from LACOE,” noting that the problem seemed to be more widespread than just one district.
LACOE works with a third-party vendor, W2Copy, to distribute electronic tax documents. In response to the incident, W2Copy temporarily disabled access to its W-2 portal as a precautionary measure. The company also initiated a third-party forensic investigation into its systems.
In its statement, W2Copy said no evidence of a system breach was found. The investigation determined that all portal access during the review period involved valid credentials and standard authentication processes, with no signs of unauthorized access, credential misuse, or security bypass.
Despite these findings, LACOE officials have warned that Social Security numbers may have been used to file fraudulent tax returns. In a joint communication, Chief Technology Officer Jose Gonzalez and Chief Financial Officer David Hart informed school administrators that some cases may also involve the misuse of dependent information.
They emphasized the broader cybersecurity risks facing public institutions, stating that such incidents reflect a growing landscape of identity theft and cyber threats. Employees have been urged to remain vigilant and take immediate action if they receive notices from the IRS or California’s Franchise Tax Board regarding duplicate filings.
As part of its response, LACOE has temporarily disabled access to online W-2 forms. Employees requiring their tax documents have been advised to contact their respective human resources departments. The agency has also distributed guidance outlining steps individuals should take if they suspect tax-related identity fraud.
The incident highlights the increasing frequency of cyber-related disruptions targeting educational institutions. In recent years, several school districts in California have faced similar attacks involving the exposure of sensitive employee and student data, often with delayed discovery until financial or tax-related anomalies surface.
With the investigation ongoing, LACOE continues to work with affected districts and cybersecurity experts to determine the root cause and extent of the incident, while reinforcing measures to safeguard employee data against future threats.
Recommended Cyber Technology News :
- Cardio Fit Medical Group Data Breach Exposes PHI
- T-Mobile Clarifies Details on Latest Data Breach Filing
- Northeast Spine Data Breach Exposes 7K N.J. Patients
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
