Fraudulent IRS tax returns may have been filed

Apr 15, 2015 12:39 GMT  ·  By

Several computers containing human resource records belonging to former and current employees of Homebridge Inc. (formerly known as In-Home Supportive Services Consortium) have been compromised in a cyber-attack.

The California-based home care company believes that the cybercriminals may have had access to the sensitive information for one month and a half.

Tax return fraud seems to be the objective of the perpetrator

According to the investigation, following the discovery of the incident on March 13, the intruders managed to infiltrate the systems on January 24; as such, the data was exposed between this interval.

Homebridge says that the information that could have been exfiltrated included employees’ first and last name, address and social security number (SSN).

These details are sufficient for crooks to file for fraudulent tax returns with the IRS (Internal Revenue Service) in the name of the legitimate owner.

In fact, the company says it received reports that the stolen information was used this way. The tax report deadline expires on April 15 and anyone delaying this activity is likely to have the refunds diverted to the cybercriminals’ pockets.

Company says better security measures are now implemented

After discovering the compromise, Homebridge contracted the services of a third-party forensics and data security company to help with the investigation.

Apart from removing the malicious programs from the affected systems, Homebridge also took steps towards increasing the security of its computer network. However, the letter notifying the affected individuals about the cyber breach does not disclose the new measures adopted.

As is the case with anyone who had their personal info stolen, the recommendation is to monitor the bank account statements and credit reports in order to discover suspicious activities at an early stage and report them to the appropriate financial institution.

To decrease the chances of its employees falling victim to identity theft, Homebridge offers free subscription for one year to an identity protection and credit monitoring service. Enrollment is not automatic, but instructions on how to complete the process are provided in the incident disclosure letter.

NOTE: On March 2, 2015, In-Home Supportive Services Consortium became Homebridge. The same name is used by a mortgage company, which is not associated in any way with the breach or the home care business.