By Paul Tassin  |  May 11, 2016

Category: Labor & Employment

Data Breachdata breach at ADP, a large payroll processing provider, has exposed an unknown number of U.S. workers to possible tax fraud.

Security blogger Brian Krebs of KrebsOnSecurity was first to report publicly on the data breach. Krebs writes that identity thieves used sensitive information gathered from other sources to register for ADP Payroll online accounts in the names of employees who had not yet registered themselves.

New Jersey-based ADP provides payroll services for over 640,000 companies. The company’s reach is so widespread, most U.S. workers have received at least one ADP-printed paycheck during their lifetime.

How the ADP Data Breach Happened

According to Krebs, the breach began to be revealed when U.S. Bancorp sent out a warning to some of its employees saying that their sensitive financial information had been compromised by unauthorized access through ADP’s customer portal.

A letter received by one U.S. Bank employee says the institution had been investigating the incident since April 19, 2016. The letter warns employees that the hackers gained access to employees’ W-2 information, which could be used to file a fraudulent income tax return.

The letter appeared to lay blame for the breach on ADP, for maintaining the external online portal that had been exploited. ADP later confirmed that other data breaches similar to those involving U.S. Bank employees had affected employees of other ADP payroll customers.

To successfully create the fraudulent registrations, ADP says, the perpetrators must have already had certain essential personal information gathered from some other source – information including the employee’s name, date of birth, and Social Security number.

Registration would also require two pieces of information that did come from ADP: a custom, company-specific link and a static code. Again, ADP says the hackers did not get that information from ADP but rather from ADP payroll customers who inadvertently had published both the link and the code online.

With that much information, the hackers were able to register on behalf of employees whose companies had deferred their registration to a later date. At that point, the hackers had access to those employees W-2 data and all they needed for tax fraud.

A spokesperson for U.S. Bank says the company did publish the link and code via an internal resource for its employees’ convenience, without realizing the two pieces of information could be sensitive.

Krebs comments that ADP’s portal had been relying “entirely on static data that is available on just about every American for less than $4 in the cybercrime underground” – information like address, date of birth, and Social Security number.

Neither ADP nor U.S. Bank has revealed how many persons’ data has been exposed.

Data Breach Victims at Risk for Tax Fraud

With the sensitive W-2 information exposed via the breach, hackers – or whoever they sell their ill-gotten data to – may be able to commit tax fraud by filing bogus tax returns on behalf of the affected employees.

According to Bankrate.com, the IRS says that tax filers who know or even just suspect their data has been compromised can submit Form 14039, the Identity Theft Affidavit. The agency says this form puts them on alert for signs of tax fraud that could show up on a fake return. Bankrate also recommends affected persons keep an eye on all their other financial information, like their credit reports.

Tax fraud attorneys are now investigating what further remedies may be available for employees affected by the data breach.

Join a Free ADP Data Breach Class Action Lawsuit Investigation

If your employer uses ADP to process payroll and you received an ADP paycheck or ADP W2 tax form, you could become the victim of tax fraud. You may be eligible to join a class action lawsuit investigation to help compensate you for past and future losses.

Join Now

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.

One thought on ADP Data Breach May Result in Tax Fraud

Leave a Reply

Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.