Stolen W-2 Forms Leaves Stanford University Employees Vulnerable to Fraud
Not long after the news broke out about the theft of W-2 information from Pivotal Software and Kentucky State University, Stanford University employees are exposed to possible tax fraud and identity theft from stolen W-2 forms. According to an alert issued by the Department of Public Safety and Information Security Office, Stanford employee W-2 forms were fraudulently downloaded after hackers infiltrated the systems of W-2Express, a third-party service.
The downloads required prior knowledge of Social Security numbers and dates of birth, which are subsequently used to login and download the W-2 forms. The breach was discovered while Stanford officials were investigating a few fraudulent tax returns that had been filed. Around 3,500 W-2 forms of Stanford employees were downloaded, with at least 600 of them identified as fraudulent.
“The perpetrators were already in possession of this personal information, which was subsequently used to log in and download the W-2 forms. At this time, we have no reason to believe that this sensitive information was obtained from Stanford systems”, Randy Livingston, vice president for business affairs and CFO at Stanford posted.
[READ: How can you stay safe from tax fraud?]
In response to the breach, Stanford is working with the credit bureau Equifax and the school’s Department of Public Safety to alert those who might have been affected. Equifax will provide free credit monitoring, fraud alert, and other services for all affected employees for a year. Additionally, W-2Express has been temporarily shut down to prevent further unauthorized access and will be restored as soon as a more secure authentication method is in place.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases