A spokesperson for American Senior Communities confirmed the data breach in a statement released Monday.
After a payroll processor replied to an email claiming to be from a company official, the employee W-2 tax information, which included names, addresses and Social Security numbers, was shared with an “offshore phishing scammer,” according to the IndyStar.
Although the email was sent mid-January, the company did not discover the breach until February 17 when some employees indicated their tax returns were being rejected after they were filed by someone on their behalf.
The nursing home chain has alerted the authorities, including the Internal Revenue Service, Indiana Office of the Attorney General, and the Indiana Department of Revenue.