DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Northwestern U. notifies employees after breach involving W-2 Express

Posted on May 7, 2016 by Dissent

So, as I had guessed, it’s not just Stanford University and Kroger who are notifying employees that criminals managed to access the database of W-2 Express, an Equifax service. While the W-2 Express database does not appear to have been hacked, criminals have managed to access it by using login credentials possibly acquired in other breaches.

Northwestern U. issued this statement on Thursday:

Northwestern University employees will be offered free credit monitoring and identity theft protection for at least a year, University officials announced today.

The coverage, which will be offered through Equifax, Inc., will be “ID Patrol” service, a high level of credit monitoring and identity theft protection. Both services will be available for at least a year and will be offered to all individuals who were issued a W-2 form through Northwestern for 2015.

Approximately 150 Northwestern employees reported problems filing their federal income tax return or other issues related to their income tax. The Internal Revenue Service has said this has been a national problem for the past few years, and other universities are reporting similar problems this year. Reports of tax fraud involving Northwestern faculty and staff have occurred previously, but it appears to have increased this year.

Northwestern University conducted an investigation of its computer systems and a similar review with Equifax, the company that provides W-2 services to Northwestern. The investigations revealed that approximately 300 employees, including a number of those who previously had reported tax-filing problems, had their W-2 information accessed from what appear to be suspicious locations.

In order to access the W-2 information, a person needed to have the employee’s Social Security number and date of birth. There is no indication that personal information was accessed by a data breach of either the Northwestern or Equifax systems, but it was apparently obtained elsewhere previously and then used to access the Equifax system and obtain the W-2 information.

“Although the data breach of personal identification information does not appear to have come from Northwestern or Equifax, we understand the concern that this has created for some of our faculty and staff members, and we deeply regret the inconvenience, frustration and significant time that affected individuals have had to spend as a result of this issue,” said Pam Beemer, vice president for human resources.

“By offering the free credit monitoring and identity theft protection, we hope this helps provide some peace of mind and ongoing protection,” Beemer said.

Information detailing how to sign up for the services will be emailed this week and sent by mail to all faculty and staff. If more immediate assistance is needed, please contact Anne Fish at [email protected], Lindsay Greco at [email protected], or [email protected].

The University will be conducting a full review of its W-2 and other tax form distribution practices in advance of the next tax reporting cycle and will be assessing options for ongoing credit services coverage.

Category: Business SectorEducation SectorOtherU.S.

Post navigation

← I never meant harm, says student who hacked Canada Revenue to show vulnerability to Heartbleed virus
UK: Employers vicariously liable for data breaches caused by rogue employees →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.