After Equifax recently sent out IRS W-2 statements to most of its current employees and some former employees, they discovered that some employees’ control ID numbers were partially or completely viewable in the return address window of the envelope used by the payroll vendor. In an unspecified number of cases for U.S. employees, the control number was the employees’ Social Security numbers instead of the intended unique 9-digit number. According to a notification provided to the New Hampshire Attorney General’s Office, the breach did not affect those employees at TALX, Rapid Reporting, and IXI business units.
Equifax has notified everyone potentially affected by the payroll vendor’s mistake and has offered them one year of free credit monitoring of their Equifax credit files. The payroll vendor was not named.