Tennessee-based State of Franklin Healthcare Associates (SoFHA) has notified all employees that their personal information was accessed during a security breach at the company's third party payroll vendor, and some if has already been used to file fraudulent tax returns.
How many victims? All employees are being notified, and 20 to 25 have been affected.
What type of personal information? Employee payroll information, including W-2s.
What happened? SoFHA's third party payroll vendor was breached, access was gained to SoFHA employee payroll information, and fraudulent tax returns were filed.
What was the response? SoFHA is working with national, state and local law enforcement to identify the perpetrators. SoFHA is notifying all employees, and is offering them a free year of identity theft protection services.
Details: SoFHA notified local authorities in early February. As of Thursday, between 20 and 25 employees have reported being victims of tax-related identity theft.
Quote: “We do know that the cyber attack was contained to only employee payroll information, and at no time was any patient data compromised,” Richard Panek, CEO of SoFHA, was quoted as saying. “The scam is that the criminals attempt to file for, and receive, a tax refund before the real person files.”
Source: johnsoncitypress.com, Johnson City Press, “Scammers target State of Franklin Healthcare employees in payroll breach,” Feb. 13, 2015.