So, as I had guessed, it’s not just Stanford University and Kroger who are notifying employees that criminals managed to access the database of W-2 Express, an Equifax service. While the W-2 Express database does not appear to have been hacked, criminals have managed to access it by using login credentials possibly acquired in other breaches.
Northwestern U. issued this statement on Thursday:
Northwestern University employees will be offered free credit monitoring and identity theft protection for at least a year, University officials announced today.
The coverage, which will be offered through Equifax, Inc., will be “ID Patrol” service, a high level of credit monitoring and identity theft protection. Both services will be available for at least a year and will be offered to all individuals who were issued a W-2 form through Northwestern for 2015.
Approximately 150 Northwestern employees reported problems filing their federal income tax return or other issues related to their income tax. The Internal Revenue Service has said this has been a national problem for the past few years, and other universities are reporting similar problems this year. Reports of tax fraud involving Northwestern faculty and staff have occurred previously, but it appears to have increased this year.
Northwestern University conducted an investigation of its computer systems and a similar review with Equifax, the company that provides W-2 services to Northwestern. The investigations revealed that approximately 300 employees, including a number of those who previously had reported tax-filing problems, had their W-2 information accessed from what appear to be suspicious locations.
In order to access the W-2 information, a person needed to have the employee’s Social Security number and date of birth. There is no indication that personal information was accessed by a data breach of either the Northwestern or Equifax systems, but it was apparently obtained elsewhere previously and then used to access the Equifax system and obtain the W-2 information.
“Although the data breach of personal identification information does not appear to have come from Northwestern or Equifax, we understand the concern that this has created for some of our faculty and staff members, and we deeply regret the inconvenience, frustration and significant time that affected individuals have had to spend as a result of this issue,” said Pam Beemer, vice president for human resources.
“By offering the free credit monitoring and identity theft protection, we hope this helps provide some peace of mind and ongoing protection,” Beemer said.
Information detailing how to sign up for the services will be emailed this week and sent by mail to all faculty and staff. If more immediate assistance is needed, please contact Anne Fish at [email protected], Lindsay Greco at [email protected], or [email protected].
The University will be conducting a full review of its W-2 and other tax form distribution practices in advance of the next tax reporting cycle and will be assessing options for ongoing credit services coverage.