IRS fraudulent tax return prompted the investigation

Mar 31, 2015 07:28 GMT  ·  By

Personally identifiable information (PII) belonging to current and former employees, as well as retirees of Bradley University in Illinois may have been exposed as a result of a data breach.

Bradley University is a mid-sized private educational institution founded in 1897, which has a residential campus that can house about 5,700 students.

Fraudulent tax returns recorded, about 4,700 people impacted

Following an internal investigation, malware has been identified on the two systems that stored PII belonging to employees.

Among the details that have been compromised there are names, addresses, dates of birth, as well as social security numbers, the officials say, which can be used for multiple malicious operations.

It appears that the cybercriminals have already managed to take advantage of the data, as some employees have been notified by the IRS about irregular activity concerning their tax filings.

This is what actually prompted the investigation from the university, which started last week and it is ongoing at the moment.

According to the current results of the investigation, student data has not been exposed in any way and only current and former staff, along with their spouse/partner and dependents, are impacted. In total, it is estimated that about 4,700 individuals are affected by the incident.

Free identity protection provided for one year

A team of external experts together with Computer Services staff members have worked to remove the malware from the affected computers.

However, individuals whose data may have been exposed should be vigilant about suspicious activity on bank accounts since cybercriminals could use the stolen information to apply for credit in the name of the victim.

If the data was compromised, the IRS may issue a notification alerting about the fraudulent tax return activity.

Bradley University has set up a website specifically to provide information about the event, as well as advice and instructions on mitigating the associated risks.

Identity protection and credit monitoring services are also offered free of charge for a period of one year to all individuals impacted by the incident.