In May 2012, California’s Dept of Social Services notified over 700,000 In-Home Supportive Services providers and recipients that their payroll data, including Social Security numbers, had been lost in the mail.
In December 2012, 14,000 In-Home Supportive Services were notified that their personal information, including Social Security numbers, had been exposed on the Internet.
Now Homebridge (formerly In-Home Supportive Services) is notifying an undisclosed number of employees that their names, addresses, and Social Security numbers were acquired by criminals who managed to insert malware on a number of Homebridge computers containing Human Resources information. The malware may have been inserted on January 24, 2015, but wasn’t discovered until March 13, 2015.
Worse, Homebridge reports that it appears that the information has already been misused in some cases to file for fraudulent tax refunds.
In response to this breach, Homebridge offered employees one year of identity theft and credit protection services from ID Guard. One year? I wouldn’t settle for that if there are already reports of possible misuse of the information for tax refund fraud.
You can read their notification on the California Attorney General’s web site.