By Shelby Brown
Although university police first received a report of a hacker-filed employee tax return March 1, U of L didn’t know the breach was widespread until last week.
“The majority of the reports of fraudulent activity have come in the past week,” U of L spokesperson John Karman said in an April 7 email.
As the investigation into hacked U of L tax forms continues, the number of potentially compromised tax returns remains at 750. Hackers stole tax info from more than 70 to file bogus tax returns.
The university announced April 5 that 750 employees had “suspicious activity” surrounding their online TALX Tax Express accounts when someone tried to reset PIN numbers.
The hackers victimized employees by trying to file fraudulent tax returns. That’s when U of L officials discovered the breach and notified the tax document company.
The local FBI would not confirm an investigation.
“The university did not have enough reports to establish a pattern until last week,” said Karman. “We don’t believe we’ve ever had a significant breach related to tax forms.”
Computer information systems professor Andrew Wright said since users want easy access to their accounts, security suffers. Two-factor authentication, used on sites like Apple and Outlook, was not used with the TALX accounts.
“It’s valuable information – we ought to have a stronger method for accessing it,” Wright said.
Wright said employees were not notified their PINs were reset. “We always want to notify a user when a change like that has been made,” he said.
Karman says the situation is not unique, as the IRS sees a 400 percent increase in identity theft attempts during tax season.
In an email April 4, Associate Vice President of Human Resources Jeanell Hughes said investigations were underway.
“We do not believe this issue will prevent any employees from being able to receive tax refunds,” Hughes said in the email. Officials believe they caught the data breach in time.
Karman said the full extent of the problem may not be known until after tax filing season.
Equifax, which owns TALX Tax Express, reports an unknown user reset at least 75 personal identification numbers to gain access to the accounts.
“The unauthorized user was able to successfully answer personal questions about the affected individuals in order to reset the individuals’ PINs,” TALX said in an email to those with compromised accounts.
TALX said it began working immediately to aid those whose information was hacked. The corporation says it will safeguard against further security breaches.
Investigators are looking to see if someone from Equifax or U of L hacked the accounts.
“We understand the frustration and hardship this incident may cause you and members of our campus community,” Hughes said. “Information security is a top priority of our university, and we take your data security and privacy protection seriously.”
TALX has processed W-2s for U of L since 2003.
Updated 4/7/17 at 11:55 a.m.