[BreachExchange] University of Louisville: Tax information of some employees hacked

Audrey McNeil audrey at riskbasedsecurity.com
Mon Apr 10 18:38:36 EDT 2017 

http://www.bizjournals.com/louisville/news/2017/04/07/u-
of-l-tax-information-of-some-employees-hacked.html

Tax information for dozens of University of Louisville employees has been
compromised after a hack of the online system the university uses to give
employees access to tax documents.

John Karman, university director of media relations, said Friday the
university confirmed that 83 employees' W-2 forms were downloaded or
accessed without authorization from the university or the employees. The
apparent purpose of the hack was to get W-2s and "fraudulently file tax
returns to obtain refunds and/or commit other fraudulent activities,"
according to the U of L human resources website.

U of L uses W-2 Express, a product of Equifax Inc. (NYSE: EFX), to provide
employees access to W-2 forms and other tax documents. This system was
hacked, but it isn't clear where the hack happened.

According to a universitywide memo from Jeanell Hughes, university
associate vice president of human resources, dated April 4, the U of L "has
no indication that any systems or servers at the (U of L) have been
involved or impacted."

Pamela C. Stevens, an Equifax public relations senior director, said in an
email that Equifax was investigating the incident, calling the unauthorized
access "alleged."

"Based on the investigation to date, Equifax has no reason to believe that
its systems were compromised or that it was the source of the information
used to gain access to the online portal," that email reads.

According to Hughes' memo, "Equifax is aware of similar activity involving
other organizations and is working with clients to resolve the incidents."

According to the U of L human resources website, "(t)he full extent of the
problem may not be known until after the tax-filing season."

The website also states that Equifax's believes that the hackers used
personal information was used to gain access to employee accounts.

Equifax has identified up to 750 employees whose "accounts show potential
suspicious activity," according to the memo, even though the activity may
be legitimate. The memo states Equifax will alert these employees by campus
email and U.S. mail by April 7 to "provide assistance and credit monitoring
service."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170410/bd4f7122/attachment.html>

More information about the BreachExchange mailing list