Stolen W-2 Forms Leaves Stanford University Employees Vulnerable to Fraud
Not long after the news broke out about the theft of W-2 information from Pivotal Software and Kentucky State University, Stanford University employees are exposed to possible tax fraud and identity theft from stolen W-2 forms. According to an alert issued by the Department of Public Safety and Information Security Office, Stanford employee W-2 forms were fraudulently downloaded after hackers infiltrated the systems of W-2Express, a third-party service.
The downloads required prior knowledge of Social Security numbers and dates of birth, which are subsequently used to login and download the W-2 forms. The breach was discovered while Stanford officials were investigating a few fraudulent tax returns that had been filed. Around 3,500 W-2 forms of Stanford employees were downloaded, with at least 600 of them identified as fraudulent.
“The perpetrators were already in possession of this personal information, which was subsequently used to log in and download the W-2 forms. At this time, we have no reason to believe that this sensitive information was obtained from Stanford systems”, Randy Livingston, vice president for business affairs and CFO at Stanford posted.
In response to the breach, Stanford is working with the credit bureau Equifax and the school’s Department of Public Safety to alert those who might have been affected. Equifax will provide free credit monitoring, fraud alert, and other services for all affected employees for a year. Additionally, W-2Express has been temporarily shut down to prevent further unauthorized access and will be restored as soon as a more secure authentication method is in place.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale