Stanford employees hit by Social Security fraud
The Social Security numbers of some Stanford employees have been pilfered, and fraudulent benefit claims have been filed, raising concerns that the new thefts might be linked to a tax data breach last year involving university workers.
At least one employee also was targeted in last year’s case of identity theft and is frustrated that Stanford has not directly reached out to previous victims to warn them of potential threats to their Social Security numbers.
Stanford responded that the private information was obtained some other way, and that it is not to blame for the most recent incident.
In April 2016, criminals used hundreds of Stanford employees’ Social Security numbers and birthdates to download hundreds of W-2 forms from the credit bureau Equifax, which they then used to fraudulently file tax returns.
In recent weeks, several Stanford employees have reported that their Social Security numbers have been stolen and benefits claimed.
“This is a lifetime problem now,” said Daniel Sneider, associate director for research at Stanford’s Shorenstein Asia-Pacific Research Center. “I am stuck with the fact that criminals have my Social Security number, thanks to that data breach. That opens all kinds of doors.”
“They need to email people, and alert them,” he said. “That is the responsible thing to do.”
But Stanford says that it is not to blame for the newest scam. It adds that it issued a warning last week in the Stanford Report to the campus community.
Last year’s W-2 theft — when perpetrators downloaded the forms in hopes of stealing tax refunds — required prior knowledge of a person’s Social Security number and date of birth, said Stanford. The perpetrators were already in possession of this personal information, which was subsequently used to log in and download the W-2 forms, according to the university.
Stanford has conducted an in-depth investigation to determine the source of Social Security numbers that were used and did not find any evidence that the numbers were leaked from the university, according to Michael Duff, assistant vice president and chief information security officer.
The university asserts that the latest breach was part of a larger nationwide scam — and that the two thefts are likely coincidental.
“To access social security benefits, someone needs several pieces of information, including a mother’s maiden name,” said university spokesperson Lisa Lapin. “This is not information that Stanford collects for any reason, so this indicates another source for the personal information.”
“We have never been able to determine the source of the social security numbers used to access Stanford employee’s W-2 forms last year,” she said. “We have not determined that Stanford was the source of the information used to access the W-2 information for fraudulent tax returns.”
Nationwide, there have been numerous large-scale breaches of personally-identifiable information, according to Duff.
Sneider said he learned of the theft from the Social Security Administration when someone tried to fraudulently file for his benefits. Social Security Administration officers in Mountain View told him he was the ninth Stanford employee to experience a theft of his information. A Stanford detective also told him there might be a connection, he said.
He believes that the people who stole the W-2 information sold that Social Security information to others, who are now using it to claim benefits.
“It is possible that having acquired our Social Security numbers in the original breach, they used them to acquire other information,” he said. “After all, the breach took place at Equifax — which has access to that kind of information also.”
To report suspicious activity using your Social Security number, call the Office of Inspector General hotline at 1-800-269-0271. A Public Fraud Reporting form is also available online at the Inspector General’s website: https://www. socialsecurity.gov/fraudreport/oig/public_fraud_reporting/form.htm.