431K Kroger Employees' W2s Stolen
On the heels of tax and salary data being stolen from payroll company ADP, and both Stanford and Northwestern Universities dealing with a similar issue, the nation’s largest grocery chain has sent a letter to all current and a few past employees notifying them that hackers have taken their tax and salary information.
The thieves were able to access this data thanks to a weakness within Equifax’s W-2Express site. This service is used by companies to allow their employees to access and download electronic W-2 forms. This information is valuable to criminals who use it for W-2 spoofing scams. With this data, thieves are able to file phony tax returns in an employee’s name, ideally before the victim has a chance to.
The unknown hackers were able to easily get access by logging in with the default PIN number each employee was assigned, which was nothing more than their Social Security number and birthday. Kroger is unsure who is behind the attack, how many of their over 431,000 employees are affected, or how the thieves originally got access to employee information.