t

W-2 wage information of Kent city employees ‘inadvertently disclosed’ | Update

Full names, addresses and Social Security numbers released in an email from one employee to another

A city of Kent staff member “inadvertently disclosed to (another city) employee a file containing the 2020 W-2 Wage and Tax Statement information for all city employees,” according to an email sent by Chief Administrative Officer Pat Fitzpatrick to city employees.

In the Friday, Aug. 19 email, Fitzpatrick said he was writing to employees to let them know their personal information had likely been exposed to a fellow staff member.

“The city takes the protection of your personal information very seriously and I am contacting you directly to explain what occurred and the steps taken in response to the incident,” said Fitzpatrick, according to the email.

A person anonymously provided the email Monday, Aug. 22 to the Kent Reporter.

“On Friday, Aug. 12, an employee of the Police Department requested their personal W-2 and payroll information from 2020,” Fitzpatrick said in the email. “Later that day, a staff member inadvertently disclosed to the employee a file containing the 2020 W-2 Wage and Tax Statement information for all city employees.

“Believing the email and attachments received at their city email address were in response to their request, and without opening the attachment, the PD employee forwarded the information to a personal email account they share with their significant other. Once the employee opened the email attachment from their personal email account, they recognized they were provided information they should not have been provided and quickly notified the city to report the matter.

“The PD employee was contacted the following day and directed to delete the email from their personal email account. In follow-up communications, the PD employee confirmed that the email and W-2 information was not shared and was deleted from their personal email account, including their inbox and their deleted emails. IT also removed the email from the sender’s and recipient’s sent, received and deleted email files.”

Fitzpatrick explained what information was disclosed

“Information that was disclosed includes full names, addresses, Social Security numbers, salary information, and other related information found on a W-2 Wage and Tax Statement for those employed in 2020,” Fitzpatrick said in the email. “This inadvertent disclosure was discovered quickly, remedial action was taken promptly, and no personal identifiable information of any employee was recorded, retained, or otherwise used.”

Fitzpatrick said what steps city staff will take.

“While we are satisfied the disclosure did not occur as a result of nefarious actions and was not and will not be used for nefarious reasons, we are investigating the root cause of the inadvertent disclosure and will take appropriate steps to ensure, to the best of our ability, that this does not occur again,” Fitzpatrick said.

The city had about 734 employees in 2020, according to city budget documents.

Second email to employees

Fitzpatrick sent a second email to employees Monday, Aug. 22, which the Kent Reporter obtained through a public records request.

Fitzpatrick said that when city emails are sent to private emails – the emails are automatically encrypted while in transmission.

“For this reason, when it was sent outside of the city, it was not at risk of being accessed by someone that did not have direct access to the receiving employee’s personal email account,” Fitzpatrick said. “The receiving employee recognized the problem, notified the city as soon as the attachment was discovered, and did not share the attachment or its contents. Further, IT will remove (or has removed) the email from the city’s system and the employee will be signing a legal declaration that it was not shared with others.”

Fitzpatrick said through the city’s insurer, it has a law firm on retainer for these type of incidents.

“We have access to attorneys who are former federal prosecutors and national experts in the fields of cyber security and data breach, and they have on hand technical IT experts that assist them,” Fitzpatrick said. “The city also has a very knowledgeable IT group dedicated to cyber security. The risk of outside access was extremely low, all of the information available points to there being no outside access, and this incident did not meet the threshold of legal notice requirements.”

Fitzpatrick concluded the email with the following statement.

“I know this is unnerving and disappointing, and we are taking steps to ensure this does not happen again,” he said. “As an aside, I have a meeting with IT and the mayor (Dana Ralph) already scheduled on the topic of security and encryption for next week.”

Employee notice

In an Aug. 22 email to the Kent Reporter, Fitzpatrick said under state law, this accidental disclosure, which was reported within hours of its occurrence, did not trigger a legally required notification to affected employees.

“Notice was not required because the accidental disclosure here was not a qualifying breach under state law or made to a malicious actor,” he said. “Had the disclosure required notification, the city would have had 30 days within which to provide notice, as the law recognizes the need for a reasonable amount of time to determine what happened before issuing notice.”

Despite no required notification, the city let employees know about the incident.

“While notice was not legally required, administration determined that voluntary notification to the city of Kent family was appropriate,” Fitzpatrick said.

Fitzpatrick explained the reasons the city didn’t sent out notice right away but waited about a week.

“When the incident was discovered on a Friday evening, the city’s immediate and primary focus was to prevent further dissemination of the information,” he said. “Once that was accomplished, the city took steps to remove the information from computer servers. The effort then shifted to learning what happened and why. This was to ensure the city could provide accurate information to employees in order to prevent confusion and avoid unanswered questions. Once the specifics were determined, notice was provided to employees.”


Talk to us

Please share your story tips by emailing editor@kentreporter.com.

To share your opinion for publication, submit a letter through our website https://www.kentreporter.com/submit-letter/. Include your name, address and daytime phone number. (We’ll only publish your name and hometown.) Please keep letters to 300 words or less.

More in News

Photos by Bailey Jo Josie/Sound Publishing
Official ribbon cutting for the Kent Valley Bezos Academy, which is still accepting applications for the 2024-2025 school year.
Kent Valley Bezos Academy offers student-driven preschool experience

New school offers free enrollment to children of income-eligible families

COURTESY PHOTO, King County
Driver reportedly going 111 mph in Kent fatal collision

SeaTac man, 33, faces vehicular homicide, reckless driving charges in Nov. 4 death of 38-year-old woman

A National Civics Bee in Arizona. COURTESY PHOTO, Civics Bee
Kent Chamber of Commerce to offer civics contest for middle schoolers

Essay competition first step as part of 2025 National Civics Bee

t
Kent Police help catch alleged prolific graffiti vandal

Tacoma man reportedly had guns, spray paint, rappelling harness and book about taggers in vehicle

COURTESY PHOTO
State Sen. Karen Keiser will officially retire Dec. 10 from the Legislature after 29 years in office.
Process begins to replace retiring state Sen. Karen Keiser

33rd Legislative District Democrats will nominate candidates to King County Council

t
Kundert pleads not guilty in Kent cold case murder

Faces charge of strangling Dorothy Silzel, 30, in 1980 at her condo

Dave Upthegrove. COURTESY PHOTO
Upthegrove looks forward to role as state lands commissioner

Des Moines Democrat will leave King County Council after election victory

COURTESY PHOTO, Kent School District
Kent School District levy passing after initially failing | Update

Nov. 12 results: Yes votes up by 602 with more ballots to be counted

File Photo
Kent Police arrest Texas man in 2013 sexual assault of 6-year-old girl

DNA match reportedly identifies 31-year-old man stationed in 2013 at Joint Base Lewis-McChord

Kent police investigate fatal two-vehicle collision

The collision killed a woman and left a 45-year-old Tacoma driver, suspected of intoxication at the time of the crash, hospitalized.

Competing for the 8th Congressional District: Carmen Goers, left, and Kim Schrier. COURTESY PHOTOS
Adam Smith and Kim Schrier will retain Congress seats | Election 2024

Smith represents the 9th Congressional District and Schrier represents the 8th Congressional District.

Courtesy of Democratic Caucus
Pictured left to right: Sen. Bob Hasegawa (D), Rep. David Hackney, and Rep. Steve Bergquist
Democratic incumbents in lead for 11th Legislative District

Bob Hasegawa, David Hackney and Steve Bergquist have strong leads, with Hasegawa and Hackney running unopposed.