upper waypoint

Sausalito City Government Hit With Cybertheft

Save ArticleSave Article
Failed to save article

Please try again

Sausalito in Marin County (Daniel Ramirez/Flickr)

The personal information of scores of current and former Sausalito government employees was exposed in an email phishing scam late last month.

The names, addresses, Social Security numbers and income records of 147 city employees were inadvertently emailed to someone claiming to be a Sausalito official, according to Melanie Purcell, the city's administrative services director.

"I wouldn't wish this on anybody," Purcell said in an interview. "There's a level of really feeling bad that we put employees in this position to deal with it."

A city worker emailed last year's W-2 tax forms to an "unknown, unauthorized third party" on Jan. 30.

The following day Sausalito employees received a letter, notifying them of the breach. The city says it told the Internal Revenue Service, Federal Trade Commission and the California Franchise Tax Board about the cyberthefts.


Two members of the City Council were among those whose information was exposed, Purcell said.

The Sausalito Police Department is investigating the breach. The FBI has been made aware of the case but has not opened a probe into it, according to Prentice Danner, a spokesman for the FBI's San Francisco division.

The worker who inadvertently handed over personal information of government employees was responding to an email that purported to be from a city official, Purcell said. The worker sent the data in an attachment to an email.

"In trying to be responsive to a request for information from the city manager, she jumped ahead of herself and sent out stuff that should not have been sent out," Purcell said, emphasizing that the city responded aggressively to the breach.

"The employee who released the information actually notified me as soon as she realized what it was, so we were able to jump on it very quickly," Purcell said.

There are no signs yet that the information has been used, she said.

The city has encouraged its employees to contact their financial institutions and credit reporting agencies to file fraud alerts and request consumer protection measures. Sausalito is also offering a free year of credit monitoring services to its workers.

The breach prompted CalPERS to begin an "administrative lock" on all of the city employees whose information was released, according to another letter sent to workers on Feb. 2. The lock, the letter explains, requires employer verification when an account is viewed or changed.

To prevent a similar hack, Sausalito is looking into strengthening its spam filters for city agency computer systems and creating new rules that employees would need to follow before they communicate about worker information over email, Purcell said.

lower waypoint
next waypoint
Federal Judge Orders New Sentencing Hearing for David DePape in Trial Over Pelosi AttackSome Bay Area Universities Reach Deal to End Encampments, but Students Say Their Fight ContinuesAfter Months-Long Coma, This Latino Immigrant Worker Is Still Fighting Mysterious Long COVID SymptomsCalifornia Promised Health Care Workers a Higher Minimum Wage — but Will Newsom Delay It?Eighth-Grader's Call to 911 About Teacher's Outburst Causes StirDavid DePape Sentenced to 30 Years in Federal Prison for Attack on Nancy Pelosi's HusbandFree Key Choir: 'What's in a Name'Newsom Says California Water Tunnel Will Cost $20 Billion. Officials and Experts Say It's Worth ItAntisemitism Is on the Rise, but Defining It Is Harder Than Condemning ItImpact of California Fast Food Worker Wage Increase Still Too Early to Gauge