American Senior Communities reported that several employees have had their federal tax returns rejected by the IRS with the government stating they were duplicates. This is most likely due to a company payroll worker falling for a W-2 phishing scam in January resulting in cybercriminals filing false returns using the stolen data.

How many victims? About 17,000 workers.

What type of information? All the basic personal data contained on a W-2 was lost to cybercriminals.

What happened? In mid-January, a person posing as an American Senior Communities senior executive requested a copy of all employee 2016 W-2 forms, which were issued by the Indianapolis-based firm in January. The payroll worker did as asked sending the information off to an unauthorized individual. The company realized this happened on February 17 when several employees reported that their tax returns were returned with the IRS stating that they were duplicates.

What was the response? American Senior Communities notified all its employees the day it learned of the breach, as well as local law enforcement, the Indiana Attorney General’s Office and the state’s Revenue Department. Unfortunately, enough time had passed that the malicious actors were able to make use of the pilfered information.

Quote: “No resident or personal health information was obtained during this attack. ASC takes privacy seriously and deeply regrets that the incident occurred and offers our sincerest apologies to everyone affected,” the company said in a statement

Sources: American Senior Communities, The Indianapolis Star