Glastonbury — The executive director of the Connecticut Association of Public School Superintendents issued a warning via email on Monday to superintendents across the state after a second school district was tricked into releasing the W-2 tax forms of its employees.

On Friday, a member of the payroll office for Glastonbury Public Schools received an email from someone posing as another member of the payroll office and asking for the W-2 records, Superintendent Alan Bookman said Monday.

The employee responded and sent the tax forms, then realized it was a scam, he said. The breach involved 1,600 current, retired and former employees of Glastonbury schools, he said.

“It was a very legitimate appearing email address so it looked like it was legitimate,” Bookman said. “And then they contacted — when they realized what had happened — the finance manager who was in a meeting with me at the time, along with the director of technology.”

On Wednesday, the business office for Groton Public Schools received a similar fake request via email asking for W-2 forms. In Groton's case, the sender posed as the superintendent. The office gave out the forms of about 1,300 employees, then realized it had been tricked.

Joseph J. Cirasuolo, executive director of the Connecticut Association of Public School Superintendents, sent the warning shortly after 11 a.m. Monday.

“This is a warning about a scam that is being perpetuated via email,” he began. “In at least two school districts, staff in the business office have received email messages that appeared to come from the superintendent of schools or someone else with authority requesting copies of all the W-2s that the school system sent out.

"The emails were not from the superintendent or from anyone else with authority. Instead, the messages were sent from outside the school system by someone who wanted this information that they could not obtain through normal channels,” Cirasuolo wrote.

Groton Superintendent Michael Graner opened an internal investigation on Friday into the breach. Groton Town police were also investigating and working with the IRS. Graner arranged for credit monitoring of employees to protect them from theft. Graner also notified the state Office of the Attorney General, the FBI and the Connecticut State Department of Education immediately after he learned of the incident.

Bookman notified the Glastonbury Police Department, the FBI, the attorney general and the IRS, he said. The IRS has flagged employees’ information to watch for attempts to file fraudulent tax returns, Bookman said.

He notified school employees by email on Friday of the scam and was arranging for two years of credit monitoring and identity theft protection. He also planned to send letters to employees and former employees, he said.

Bookman said he spoke to Graner on Saturday about the incident in Glastonbury. Graner said he talked to Brookman about what Groton had done regarding notifying its insurance agent, the IRS and providing credit protection to employees.

"He was very appreciative," Graner said.

Both superintendents said they would review their training of employees on the handling of sensitive information. Bookman said the district has training but would likely emphasize to a greater extent that “it’s not appropriate” to send sensitive information via email.

Graner said Monday he is researching and developing cyber security email policies and protocols and would have staff trained in the protocols when they are complete.

In the email warning, Cirasuolo urged superintendents to “alert all relevant staff in your school district to not respond to any request of this type before checking with the person who appears to have sent the request. If the request is bogus, I further suggest that you inform the local police regarding the incident.”

d.Straszheim@theday.com