recommended reading

Threatwatch

Payroll Hack & Tax Fraud Hits Denver Archdiocese Personnel

Network intrusion; Stolen credentials; Unauthorized use of system administrator privileges

A data breach at the Catholic Archdiocese of Denver has put current and terminated employees, as well as their dependents, spouses and beneficiaries at risk of ID theft.

A third-party provider that manages the data reported someone had accessed the payroll system and looked at W-2 information for about 80 individuals last fall.

Names, addresses and Social Security numbers of about 18,000 people are in the impacted database.

All employees were notified last week, after a March spike in the number of personnel reporting tax fraud. The scammed victims were not thought to be affected by the earlier hack.  

The archdiocese suspects that the late October 2015 incident involved more people than was originally believed, or that there was an additional breach.

So far, fewer than 50 individuals have reported that someone filed a tax return in their name. "There could be some who didn't report back to us," Keith Parsons, CFO of the archdiocese said.

sector

Government (U.S.); Nonprofit

reported

April 19, 2016

reported by

Denver Post

number affected

Between 80 and 18,000

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

Late October 2015

date breach detected

November 2015