Hampton Roads, Va. - According to a statement from Tidewater Community College, Social Security numbers and financial information for 3,193 employees has been compromised.
A file containing the names of all 2015 TCC employees, their Social Security numbers, 2015 earnings, withholding and deduction information was emailed in response to a request that appeared to be from a legitimate TCC account. The college has now learned that the email request came from a illegitimate account that was not associated with the school.
The names included current and former full-time, part-time wage, and adjunct employees – anyone who received taxable wages from TCC for 2015.
Several employees attempted to file their 2015 tax returns and were advised by the IRS that a return had already been filed under their Social Security numbers.
Marian Anderfuren, TCC Public Information Officer, says officials thought they were isolated incidents until an employee saw a transcript of her tax return and it matched her W2 form.
She says employees started to go through their emails to search for anything suspicious and found the source of the data breach.
"This affects everyone from the President on down," she says. "This is an anxious time of the year to start with because it's tax filing season and this adds another layer of anxiety to what folks are already dealing with. We're very sensitive to that and of course sensitive to it because we are feeling it ourselves."
Some employees who already received their tax returns say they are happy to be in the clear, but still surprised.
"It was shocking, it was really shocking," says David Maull, an administrative assistant at TCC. "To see that many people affected is disturbing. It should make you wake up and be a little bit more careful about how your information is handled and by whom."
The school recommends employees take the steps below immediately to protect their information.
- First, contact one of the three major credit-reporting agencies – Equifax, TransUnion, or Experian -- to place a fraud alert on your credit file. The one you place a fraud alert with will contact the other two. Renew the fraud alert every 90 days.
- Experian: https://www.experian.com/fraud/center.html
- TransAmerica: https://fraud.transunion.com/fa/fraudAlert/landingPage.jsp
- Equifax: https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp
You can request a copy of your current credit report when you set up the fraud alert.
- Complete and submit IRS Form 14039, Identity Theft Affidavit. It alerts the IRS that you have reason to believe your personal information may be used fraudulently. Click here for the form and further information. Alternatively, you may call the IRS toll-free at 1-800-829-1040.
If you believe your personal information has already been used fraudulently:
- Report the identity theft to the Federal Trade Commission at http://www.idtheft.gov. You can also call 1-877-IDTHEFT.
- File an identity theft report with your local police. The police report is necessary if you want to apply for a new Social Security number.
- Report the theft of your Social Security number to the Internet Crime Complaint Center at http://www.ic3.gov/. The report will be distributed to the relevant federal, state and local authorities.
The Federal Trade Commission offers a resource on what to do in case of identity theft online here.
Finally, report your incident to TCC by using this online form.