The Archdiocese of Seattle is alerting employees and volunteers that their personally identifiable information might be abused by crooks to file fraudulent tax refunds. Apparently, the organization’s systems have been breached and sensitive information has been stolen.
In a notice posted on its website on Monday, the archdiocese advises employees and volunteers to check with the IRS to see if a tax return has already been filed in their name.
The organization says that it has hired a forensic security company to identify the source of the breach. The FBI has also been notified.
“Please be assured that we are taking all possible steps to determine the source of this problem. We are also working to determine what other steps should be taken by those impacted by the fraud,” the Archdiocese of Seattle noted in the alert written in both English and Spanish.
KIRO 7 has learned that the hackers might have stolen the details of as many as 90,000 people employed or volunteering at churches, schools and agencies. The archdiocese says that it has been collecting the personal details of employees and volunteers as part of the background check process.
During this process, they provide various pieces of information, including social security numbers, which represent the key piece of data needed by fraudsters to file false tax returns.
The database containing the information has been breached by hackers. The first case of fraud came to light on Tuesday. Immediately after, the archdiocese started notifying employees and called in a security firm to help with the investigation.
So far, the organization has learned of over a dozen victims, but there could be more, which is why employees and volunteers are advised to contact the IRS.
At this point, it’s uncertain if the cybercriminals who stole the information have managed to get refunds.
The archdiocese advises its employees and volunteers to call the IRS’s identity protection unit at 800-909-4490, visit the local IRS office, or check the transcript of their refunds on the agency’s website.
Those who find fraudulent tax returns should report the crime to the IRS and to law enforcement. The fraud should also be announced to one of the three major credit reporting agencies so that they can place fraud alerts on victims’ credit reports.
Last month, the FTC said that identity theft topped consumer complaints in 2013. Consumers reported losing a total of over $1.6 billion (€1.16 billion) to fraud.