Am I Affected By the ADP Data Breach?

Due to the recent ADP data breach, some employees at organizations that use the outsourced HR and payroll provider may be vulnerable to tax fraud.

According to the company , the ADP data breach specifically occurred because clients enabled fraudsters to obtain individuals’ personally identifiable information printed on online ADP paycheck stubs or W-2s by failing to secure the unique portal registration codes the company issues to clients.

“ADP has learned of a small number of clients whose employees have been victimized by fraudulent registrations through a self-service registration portal,” ADP spokesman Dick Wolfe stated. “Any potential exposure of W-2 information was limited to individuals who have had their personal information compromised previously – unrelated to ADP – based on ADP’s investigation to date.”

ADP paycheck stubs or W-2 forms which list an employee’s full name, Social Security number and mailing address, have been used by identity thieves to file fraudulent tax returns and illegally obtain tax refunds.

ADP says the fraud attempts were discovered by its in-house financial crimes monitoring team, and that it’s assisting U.S. authorities with an investigation.

The news of the ADP data breach was first reported by security blogger Brian Krebs of KrebsOnSecurity, who said the ADP data breach may have compromised accounts at more than a dozen firms, including the nation’s fifth-largest bank, U.S. Bancorp, a.k.a. U.S. Bank.

U.S. Bank Employees: Tax Fraud Alert

One of ADP’s clients, U.S. Bank, has about 67,000 employees, meaning that about 1,350 of those employees could be victims of tax fraud, or attempted tax fraud.

U.S. Bank issued a warning letter to employees affected by the ADP data breach which stated that “since April 19, 2016, we have been actively investigating a security incident with our W-2 provider, ADP,” according to the note sent by U.S. Bank executive vice president of human resources Jennie Carlson.

“During the course of that investigation we have learned that an external W-2 portal, maintained by ADP, may have been utilized by unauthorized individuals to access your W-2, which they may have used to file a fraudulent income tax return under your name,” Carlson warned.

U.S. Bank says no customers were affected. “This did not [involve] customers or customer information. It affected approximately 2 percent of our employees,” spokesman Dana E. Ripley said, adding that “the vulnerability has been resolved.”.

ADP Data Breach: Customers at Fault

ADP says the information leak appears to be limited to that self-service registration portal. “ADP has no evidence that its systems housing employee information have been compromised. Additionally, the company is working with a federal law enforcement task force to identify the fraud perpetrators,” Wolfe says.

Commenting on the ADP data breach, Wolfe says that “weakness in the portal is a mischaracterization,” and instead blames customers for the information security lapse, saying they mishandled the unique registration code that gets issued to each ADP customer organization.

Wolfe says that ADP warns customers to never publish unique registration codes to unsecured websites, “and has temporarily disabled access to the registration portal for those clients that continue to publish company registration codes in this fashion.”

If you believe you were a victim of tax fraud or identity theft as a result of the ADP data breach, you may have grounds for legal action.

Join a Free ADP Data Breach Class Action Lawsuit Investigation

If your employer uses ADP to process payroll and you received an ADP paycheck or ADP W2 tax form, you could become the victim of tax fraud. You may be eligible to join a class action lawsuit investigation to help compensate you for past and future losses.

Join Now