U.S. Bancorp workers may have been exposed to a breach in the security of their W-2 information in an ADP cyber attack. The attack puts some employees at risk of becoming victims of identity theft and tax fraud.
U.S. Bancorp is currently investigating the ADP cyber attack to assess possible consequences. According to KrebsonSecurity, a flaw in ADP’s online customer portal allowed customers’ W-2 information to be leaked.
U.S. Bancorp is just one of many companies that uses ADP to conduct its payroll operations. Others may also have had some of their employees’ tax information compromised, which would expose them to the possibility of tax fraud. Through the ADP cyber attack, W-2 information collected could be used to fraudulently register taxes.
ADP has claimed that only few of their clients have reported employees who experienced identity theft or tax fraud after the ADP cyber attack, and U.S. Bancorp is the only client that has been identified officially.
According to SC Magazine, KrebsonSecurity reports that as many as a dozen other companies may be involved in the ADP cyber attack information breach.
A spokesperson for U.S. Bancorp reported that the weakness that allowed the ADP cyber attack has been resolved in regard to her company. She reports that as many as two percent of U.S. Bancorp’s 60,000 employees may have been impacted in the breach.
What Caused the ADP Cyber Attack?
According to ADP, the ADP cyber attack happened when some of their clients posted their ADP registration codes on an unsecure website. Someone found these codes and used them to create employee accounts for employees who had not yet registered.
This involved process allowed them to see the employee’s W-2 information, which would then allow them to commit tax fraud.
According to ADP’s senior director of corporate communications, Dick Wolfe, the process had a number of requirements to allow the criminal access to this information. “Registration to the portal requires an access code that is unique to each client company.
The company registration code is combined with an individual employee’s personal information…to create a unique access code required for portal registration. In this case, these clients made the unique company registration code available to its employees via an unsecured public website.
The combination of an unsecured company registration code and stolen personal information…enabled the fraudulent access to the portal, based on ADP’s investigation to date.”
According to Wolfe, there has been no evidence that ADP employee data as a whole has been compromised, and it has instead remained in these relatively isolated incidents.
If you believe that you may be a victim of tax fraud through this ADP payroll security breach, there are a few steps to take. You can notify the IRS by filing an IRS Form 14039, the Identity Theft Affidavit.
This form puts the IRS on the alert for your Social Security number and other information that may be included in fake tax return.
Join a Free ADP Data Breach Class Action Lawsuit Investigation
If your employer uses ADP to process payroll and you received an ADP paycheck or ADP W2 tax form, you could become the victim of tax fraud. You may be eligible to join a class action lawsuit investigation to help compensate you for past and future losses.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2026 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
