MUNCIE, Ind. — A letter signed by Muncie Mayor Dan Ridenour says there has been a data breach involving Muncie city employees' personal information.
The breach involves W-2s that the letter says "may have been subject to unauthorized access." The breach was the result of what the letter calls a "sophisticated social engineering scheme."
The letter says the city learned of the breach on July 12. A review of whose data may have been accessed was finished on July 15. The letter to employees that may have been impacted is dated Aug. 8, more than two weeks later.
The letter says the city is working with law enforcement to conduct an investigation.
RELATED: AT&T data breach: Were you affected?
According to the letter, the city has not found evidence anyone has tried to misuse the information, but they are offering online identity monitoring services through Kroll. Those services will last one year. The services include credit monitoring, fraud consultation and identity theft restoration.
The city is urging people who may have been impacted to monitor their account statements and credit history. The letter says anyone who spots suspicious activity should contact their "financial institution or company."
13News has reached out to the city of Muncie to find out how may employees were impacted and how the social engineering scheme that led to the breach worked. As of the release of this article, we have not heard back.
RELATED: What to do after a data breach
What to do after a data breach
Carrie Kerskie, an identity theft, restoration and prevention specialist, said – if it's your username and password – the solution is simple.
"Change your password," Kerskie said. "If you use that password anywhere else, change it there, too."
Kerskie said this is one of the reasons you should not recycle passwords.
If your bank or credit card information is at risk, Kerskie said to contact the financial institution.
"Tell them the information has been exposed, and they may give you a new account or a new credit card," Kerskie said.
You can also set alerts for charges over a certain dollar amount.
If your social security number is at risk, Kerskie explained that a credit freeze is the best defense.
"It tells the bureaus they are not allowed to release your credit report for any new credit applications," Kerskie said. "If somebody tries to frequently apply for a new credit card, for example, using your information, the credit card company doesn't see the report, they can't make a financial decision, the account doesn't get opened."
A freeze needs to be done with each bureau – Experian, Equifax, TransUnion and Innovis – and it can be done online.
Credit monitoring is different from a credit freeze. Monitoring services let you know after there is a problem rather than preventing the problem.
To obtain a copy of your credit report, the government authorized site is AnnualCreditReport.com.
The FTC said, "Federal law gives you the right to get a free copy of your credit report every 12 months from each of the three nationwide credit bureaus. In addition, the three bureaus have permanently extended a program that lets you check your credit report from each once a week for free at AnnualCreditReport.com. Also, everyone in the U.S. can get six free credit reports per year from Equifax through 2026 by visiting AnnualCreditReport.com. That’s in addition to the one free Equifax report (plus your Experian and TransUnion reports) that you can get annually atAnnualCreditReport.com."