Rockhurst University on Wednesday notified about 1,300 employees that someone had stole personal information from their IRS W-2 forms through a data breach.
The theft, which includes Social Security numbers, occurred April 4 and was discovered April 6. None of the victims has reported any loss from the phishing incident, school officials said Wednesday.
They said the theft had been reported to the FBI, police and the IRS.
In a letter, University President Thomas B. Curran apologized to victims for the disruption in their personal and professional lives.
“I’m angered that someone chose to victimize our institution and the good people that contribute to its important work,” Curran wrote. “And I acknowledge and accept that you may be angry, frustrated and/or frightened, but I ask and hope for your participation and assistance in addressing this situation.”
Rockhurst says the breach occurred when someone impersonating a university administrator requested W-2 information and provided a bogus email address.
“We are taking steps to notify and train employees so that they are more able to recognize these sophisticated fraud schemes,” Curran wrote.
The university also said it is arranging identity theft and credit monitoring protection at no cost for two years to the employees.
The theft affected all employees who worked at Rockhurst during 2015. W2s include employees’ names, addresses, incomes and Social Security numbers — information that thieves can sell or use to file bogus tax returns and claim fraudulent refunds.
The IRS told Rockhurst it would be on the lookout for such returns, university officials said.
The Government Accountability Office recently studied fraudulent refunds after reports from the IRS that it prevented $24.2 billion in payments to identity thieves in 2013 but paid $5.8 billion in federal returns that were later determined to be fraudulent. The GAO called such scams a “large, continually evolving threat that is costing taxpayers billions of dollars per year.”
Last month, the IRS sent a notice to employers’ payroll departments about spoofing emails seeking W-2 information. The IRS said it has seen a 400 percent increase in phishing and computer malware cases this tax season.
The Associated Press contributed to this story.
Donald Bradley: 816-234-4182