There’s been an update to a previously noted breach report out of Stanford University. On April 12, I had reported that compromise of employees’ W-2 data had been linked to the university’s service vendor, W-2 Express, a service of Equifax. The breach did not appear to involve a breach of W-2 Express’s system or of Stanford University’s network. Rather, it appeared that criminals had obtained employee W-2 Express login credentials (birthdates and Social Security numbers) somewhere and used them to access the database.
Today, a kind site reader who wishes to remain anonymous alerted me to the fact that the university posted an update on April 25. From the update, it seems that it is still not clear how criminals obtained the employees’ birthdates and Social Security numbers that were used to access the W-2 Express database:
Stanford University is continuing its investigation into the unauthorized access to W-2 tax statements of university employees. Last week the university began mailing formal written notices to those employees believed impacted.
To date, the university has verified that more than 700 faculty and staff have been affected. In some cases, fraudulent tax returns were filed using the W-2 information. The W-2 information was fraudulently downloaded from a third-party vendor, W-2Express, an online service operated by the credit bureau Equifax. Downloads required knowledge of an individual’s Social Security number and birthdate, but at this time it is not known how the personally identifiable information was obtained.
The university is providing affected employees with two credit monitoring and protection service options at no charge for two years.
University officials are working closely with Equifax and law enforcement in the ongoing investigation. The university also is reviewing procedures to prevent this type of incident in the future. The online W-2Express service has been disabled.
Employees with questions about the status of their W-2 forms or personal information can call Stanford’s Financial Support Center at (650) 723-2772.
The university is providing instructions and guidance to impacted employees to help them take further steps to protect against the fraudulent use of their identity. The Information Security Office provides specific guidance to the Stanford community on how to avoid, detect and handle identity theft.