California-based home care services co. notifies employees of data breach, tax fraud
California-based Homebridge, formerly In-Home Supportive Services (IHSS) Consortium, is notifying an undisclosed number of current and former employees that unauthorized access was gained to human resource records, and that the stolen personal information may have been used to file fraudulent tax return forms.
How many victims? Undisclosed.
What type of personal information? Names, addresses, and Social Security numbers.
What happened? A limited number of Homebridge computers were infected with malware, unauthorized access was gained to human resource records, and the stolen information may have been used to file fraudulent tax return forms.
What was the response? Homebridge retained a data forensics and cybersecurity firm to assist in investigating the incident. Steps have been taken to eradicate the malware and enhance the security of systems. All potentially impacted individuals are being notified, and offered a free year of identity protection and credit monitoring services.
Details: Homebridge believes that the approximate date of the unauthorized access to the human resource records may have been from January to March.
Quote: “Homebridge has received reports that criminals may have used the stolen information to file fraudulent tax return forms with the Internal Revenue Service (“IRS”) on behalf of Homebridge employees,” according to the notification letter.
Source: oag.ca.gov, “Homebridge Data Security EE Notification Letter 13 April 2015,” April 13, 2015.