The city of Baltimore, Maryland is working with federal and state authorities to determine how the personal information of dozens of city employees was stolen and used to file fraudulent tax returns, the Baltimore Sun reports.

On March 14, all city employees were notified of the potential breach and warned that they may be at risk of fraud. Current and prior employees are being offered free access to credit monitoring services.

City spokesman Howard Libit told the Sun that the pool of affected employees could be larger than officials currently know. The affected employees work for several different city agencies -- it's not clear what connection there may be between them.

"They're related, as far as we know, only by the fact that they're city employees," Richard Forno, assistant director of the Center for Cybersecurity at the University of Maryland, Baltimore County (UMBC), told the Sun. "There's still not enough to go on to say the city is to blame here."

Donald F. Norris, director of the School of Public Policy at UMBC, told the Sun that local governments and other organizations that face serious financial constraints simply aren't able to keep up with technological advances, because the modes of attack keep changing.

The 2016 Vormetric Data Threat Report found that government agencies' leading barriers to adoption of better data security include concerns about complexity (51 percent), skill shortages (44 percent), and budget limitations (43 percent).

The report, based on a survey of 1,100 senior IT executives (including more than 100 in federal government agencies), was issued in conjunction with 451 Research.

Sixty-one percent of government agencies acknowledged having experienced a data breach, and almost one in five experienced a breach in the past year. Ninety percent of respondents said they feel vulnerable to data threats.

Still, 58 percent are planning to increase spending to offset threats to data, and 37 percent are increasing spending on data-at-rest defenses this year.

Top categories for increased spending among government respondents were network defenses at 53 percent, followed by analysis and correlation tools at 46 percent.

"Public sector organizations need to realize that doing more of the same won’t help us achieve an improved data security posture," Vormetric vice president of marketing Tina Stewart said in a statement.

"More attention must be paid to techniques that protect critical information even when peripheral security has failed, and data-at-rest security controls such as encryption, access control, tokenization and monitoring of data access patterns are some of the best ways to achieve this," Stewart added.

Recent eSecurity Planet articles have offered advice on securing sensitive data in a post-perimeter world, and provided 10 tips on mitigating data breaches.
