Two members of the City Council were among those whose information was exposed, Purcell said.
The Sausalito Police Department is investigating the breach. The FBI has been made aware of the case but has not opened a probe into it, according to Prentice Danner, a spokesman for the FBI's San Francisco division.
The worker who inadvertently handed over personal information of government employees was responding to an email that purported to be from a city official, Purcell said. The worker sent the data in an attachment to an email.
"In trying to be responsive to a request for information from the city manager, she jumped ahead of herself and sent out stuff that should not have been sent out," Purcell said, emphasizing that the city responded aggressively to the breach.
"The employee who released the information actually notified me as soon as she realized what it was, so we were able to jump on it very quickly," Purcell said.
There are no signs yet that the information has been used, she said.
The city has encouraged its employees to contact their financial institutions and credit reporting agencies to file fraud alerts and request consumer protection measures. Sausalito is also offering a free year of credit monitoring services to its workers.
The breach prompted CalPERS to begin an "administrative lock" on all of the city employees whose information was released, according to another letter sent to workers on Feb. 2. The lock, the letter explains, requires employer verification when an account is viewed or changed.
To prevent a similar hack, Sausalito is looking into strengthening its spam filters for city agency computer systems and creating new rules that employees would need to follow before they communicate about worker information over email, Purcell said.
