[BreachExchange] Thieves hack W-2s of 1, 300 employees at Rockhurst University

Inga Goddijn inga at riskbasedsecurity.com
Thu Apr 14 00:08:40 EDT 2016


http://www.kansascity.com/news/local/crime/article71627842.html

Rockhurst University on Wednesday notified about 1,300 employees that
someone had stole personal information from their IRS W-2 forms through a
data breach.

The theft, which includes Social Security numbers, occurred April 4 and was
discovered April 6. None of the victims has reported any loss from the
phishing incident, school officials said Wednesday.

They said the theft had been reported to the FBI, police and the IRS.

In a letter <http://ww2.rockhurst.edu/databreach>, University President
Thomas B. Curran apologized to victims for the disruption in their personal
and professional lives.

“I’m angered that someone chose to victimize our institution and the good
people that contribute to its important work,” Curran wrote. “And I
acknowledge and accept that you may be angry, frustrated and/or frightened,
but I ask and hope for your participation and assistance in addressing this
situation.”

Rockhurst says the breach occurred when someone impersonating a university
administrator requested W-2 information and provided a bogus email address.

“We are taking steps to notify and train employees so that they are more
able to recognize these sophisticated fraud schemes,” Curran wrote.

The university also said it is arranging identity theft and credit
monitoring protection at no cost for two years to the employees.

The theft affected all employees who worked at Rockhurst
<http://ww2.rockhurst.edu/about> during 2015. W2s include employees’ names,
addresses, incomes and Social Security numbers — information that thieves
can sell or use to file bogus tax returns and claim fraudulent refunds.

The IRS told Rockhurst it would be on the lookout for such returns,
university officials said.

The Government Accountability Office recently studied fraudulent refunds
after reports from the IRS that it prevented $24.2 billion in payments to
identity thieves in 2013 but paid $5.8 billion in federal returns that were
later determined to be fraudulent. The GAO called such scams a “large,
continually evolving threat that is costing taxpayers billions of dollars
per year.”

Last month, the IRS sent a notice to employers’ payroll departments about
spoofing emails seeking W-2 information. The IRS said it has seen a 400
percent increase in phishing and computer malware cases this tax season.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160413/5f10a414/attachment.html>


More information about the BreachExchange mailing list