City of Amarillo employees’ personal information has been breached. 

Tuesday, the city learned the company conducting a required external payroll audit lost an encrypted flash drive containing sensitive personal information.

The audit is meant to make sure the city has no fraud in its payroll process, but now the personal information of city employees is at risk.

City Manager Jared Miller said Connor, McMillon, Mitchell and Shennum, PLLC (CMMS), had possession of a flash drive containing city employees’ names, addresses, bank deposit information, dates of birth, and social security numbers when it was lost or stolen.

Miller said all employees are aware of the breach and CMMS is offering one year of identity theft protection and credit monitoring as a result.

“We highly recommend that everybody utilize those services provided to ensure and do everything they can to protect their sensitive information and their identities,” said Miller.”

Miller told us the encrypted flash drive with the data in question would have been lost or stolen between last Friday and this Tuesday.

Police are looking into the security breach, but Miller said the city believes it was an accident.

According to Amarillo National Bank IT Director, Jeremy Monteith, for someone to access the missing flash drive, they would need to know the layered, password. For the average person, it is nearly impossible to hack. 

Monteith said the biggest risk for bank fraud or identity theft is in what we share with the world.

“Little bits of information, whether it’s on social media and Facebook or on Twitter, builds a whole profile for the bad guys to know who you are and that’s really where our identity gets taken.”

He recommends regularly changing passwords, making them complicated, and most importantly, never give out your personal information.

Whether you have been the victim of phishing attempts, scam phone calls, or your personal information is mishandled, Monteith said protecting yourself with credit monitoring and bank alerts are essential.

“If your identity’s been exposed, your true social, then that’s where you need to get with the credit reporting agencies and make sure you put a freeze on your account or a fraud alert on your account,” Monteith added, “Protect your data. It’s yours.”

Miller said the security breach only affects city employees who received a paycheck during the fiscal year between Jan. of 2017 and Sept. of this year.

The audit is still ongoing and the city said they are working with CMMS to try and find the flash drive and prevent the sensitive information from getting into the wrong hands.