Security Software & Equipment Store

Wednesday, May 4, 2016

ADP Client Companies Hacked By Cyber Thieves Seeking Tax Information

Earlier this week ADP explained how fraudsters managed to siphon W-2 tax forms using a convenient online feature. The incident seems small in scope. But it shows how fraudsters have adopted novel techniques to steal personal information -- especially the kind that can later be used to claim tax refunds. ADP didn't say when the theft occurred, and wouldn't tell CNNMoney how many people had their detailed income data exposed. But it noted the incident affected "around a dozen" of the company's 630,000 corporate clients. One of them, US Bank, is where 1,400 people were affected. That's about 2% of the company, according to the bank. Here's how it happened, according to ADP. Many companies provide pay information to their employees online. This makes it easier to download past W-2 forms whenever they're needed for doing taxes or applying for a loan. ADP offers this to their corporate clients via a public-facing website. To register, an employee has to use a "unique company registration code" and some personal information, such as a Social Security number and birthday. ID thieves are interested in W-2 data because it contains much of the information needed to fraudulently request a large tax refund from the IRS in someone else’s name. How secure are the employee records of global and domestic private sector firms? And which mitigation steps should they take? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/

No comments:

Post a Comment