Groton — Groton Public Schools suffered a major security breach Wednesday when an imposter sent an email posing as the superintendent of schools and obtained the W-2 forms of all district employees, Superintendent Michael Graner said.

Employees in the business office believed Graner was asking for the information and sent the W-2 forms of all 1,300 public school employees via email, Graner said. They then realized that he had not sent the request, Graner said.

“Whoever this is has all the information from the W-2 forms, which is, of course, a disaster,” he said Thursday.

The school department’s business office received the email asking for the information at about noon on Wednesday, Graner said. Although the sender pretended to be the superintendent, the email was not sent from Graner’s account, he said.

Multiple employees were involved in the breach, Graner said. After the email was sent, a woman in the business office commented to her husband that they’d had an unusual request, Graner explained. The husband works in cybersecurity for the government and said it didn’t sound right, Graner said. The school department then checked and realized that Graner had not sent the email.

“It wasn’t that the email account was hacked. She believed it was from me,” he said, adding, "It really raises the whole issue of making sure that we are implementing proper cybersecurity measures in the school district. That’s one obvious lesson that we’re learning in a painful way.”

Groton Town Police Chief Louis J. Fusaro Jr. said in a statement that police were contacted by the school district regarding the possible data breach. Detectives are working with the Board of Education and several other agencies on the investigation.

"While this investigation is in the preliminary stages, evidence suggests that information was provided through a Phishing scam," Fusaro said. "Groton Police advise the public to be cautions when providing any personally identifying information (PII) through e-mail or any other electronic means. Police also warn that there are several scams that the public should be aware of, including the deliberate targeting of public institutions.

On Jan. 25, the IRS, state tax agencies and the tax industry renewed a warning about an email scam that uses a corporate officer’s name to request employee W-2 forms from company payroll or human resources departments, according to an IRS news release.

The IRS already had been notified that the email scam was making its way across the country for a second time. It first appeared last year, the release said.

“Cybercriminals tricked payroll and human resource officials into disclosing employee names, (Social Security numbers) and income information. The thieves then attempted to file fraudulent tax returns for tax refunds,” the release said.

The scam, a version of “phishing,” is also known as a “spoofing” email, the release said. In one variation, the email contains the actual name of a chief executive officer, is sent to a payroll or human resource employee and requests a list of employees and information including Social Security numbers, the release said.

The spoofing email may ask for specifics, like “kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review,” the news release said.

On Feb. 2, the Internal Revenue Service issued an alert to all employers that the Form W-2 email phishing scam had evolved beyond the corporate world spreading to other sectors, including school districts, tribal organizations and nonprofits.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ IRS Commissioner John Koskinen said in the warning.

The school department notified Groton Town Police, the IRS and the Connecticut office of the Attorney General, Graner said. Police and the FBI are investigating, he said.

The FBI told Graner that the agency suspected the email had come from overseas and been sent to hundreds, if not thousands of school districts, Graner said. He notified the state Department of Education and the Connecticut Association of Public School Superintendents, he said.

The school department also reported the incident to its insurance agent and arranged for the purchase of a credit monitoring plan to protect employees. The IRS is sending an agent to Groton to speak to all school employees at 3 p.m. and 4 p.m. Friday about what happened and how to safeguard their financial records, Graner said.

He had not determined Thursday what, if any, disciplinary action might be taken regarding the employees, as he was first concerned with handling the immediate aftermath of the breach, he said. But he said the school department must take additional steps not only in its business office, but across the school system to ensure cybersecurity.

Kim Watson, chairwoman of the Groton Board of Education, said she was grateful that "corrective action was taken immediately" after the breach was discovered. But she said the district will need to respond to what occurred and consider questions like how employees should handle email requests.

d.straszheim@theday.com