University of Minnesota Professors Defrauded after Mystery Data Breach
In order for an individual to commit tax fraud – file false tax returns in the name of another individual – the criminal must have access to certain information about the victim. The information is generally not readily available, so it must be obtained from someone who has that data.
Healthcare providers and insurance companies are often targeted specifically for the data they hold. With just a few data fields criminals can steal identities and files fake tax returns – as well as commit may other types of fraud.
Hackers attempt to break through defenses, thieves target medical devices containing Protected Health Information (PHI) and insiders are used to abuse their access rights and steal data,
When tax fraud is discovered, especially tax fraud involving a specific group of individuals, the source of the data breach is often relatively easy to identify. All victims worked at a specific hospital, were enrolled in the same health plan or had used the same pharmacy chain, for example.
However, a number of fraudulent tax returns have recently been made in the names of University of Minnesota staff, and the cause of the breach is proving to be something of a mystery. In this case, tax fraud has been discovered by two University of Minnesota professors of the Sociology and Psychology faculties. They found they were unable to file tax returns as another person had already done it for them. Other work colleagues were also victims of tax fraud.
Clearly not a coincidence, the matter was reported to the University in April of this year, and an investigation was initiated; however there was no evidence of any data breach discovered two months on. The computer network was analyzed and there was simply no evidence to suggest that the data breach had occurred at the university.
According to an MPR news report, when asked if any investigations were being conducted internally to determine whether a member of faculty staff had leaked data, Steve Henneberry, a spokesperson for the University said “there is no information to support that.”
According to the report, various theories have been put forward as to the source of the data. Human Resources chief, Kathryn Brown, suggested the crimes were the result of “random criminal activity”. The current assumption is that the data breach occurred at an external agency, be that a healthcare provider or insurance company or other holder of sensitive data. The likely alternative is an insider at the University, but with no evidence of any improper access discovered, there is little more the University can do apart from remain vigilant.
Unfortunately for the breach victims, since the cause of the breach has not been discovered, there is no one to offer fraud mitigation and identity repair services. The cost must be covered by the fraud victims themselves.
The University of Minnesota has taken appropriate action and investigated, but with no breach discovered there is little that can be done. It is up to the victims to identify the common denominator and attempt to discover the cause of the breach.
