A data breach at United Healthcare Services Inc. has led to a rash of identity-theft crimes at the University of California, Irvine.
To date, 155 graduate and medical students at the school have been hit by the scam, in which criminals file false tax returns in the victim's name and then collect their tax refunds. The breach affects 1,132 graduate students who were enrolled with the university's graduate student health insurance program in the 2006-07 school year, said Cathy Lawhon, the university's media relations director.
UC Irvine police and IT staff have been investigating the crime for several months, she said.
"In February, the police began getting reports from graduate students that when they filed their income tax returns, they were being told that their returns had already been filed using their Social Security numbers," she said.
Local and federal law-enforcement agencies have been called in to help with the investigation, and they have traced the source of the data breach to UnitedHealthcare, the carrier for the school's graduate student health-insurance program, Lawhon said.
Based in Minnetonka, Minn., UnitedHealthcare is one of the largest health care service providers in the U.S. A company spokeswoman confirmed that some university students' personal information "may have been accessed without authorization," but she could not comment on the source of the breach.
Other UnitedHealthcare customers have not been affected, she added. "As far as we know, this situation was isolated to UCI."
According to U.S. Internal Revenue Service spokesman Jesse Weller, scammers have been particularly aggressive this year, hoping to cash in on the federal government's economic stimulus payments. "Even before the law was signed ... scammers were attempting to get victims related to the stimulus payment, and it has continued since that time," he said.
The IRS is now in the process of sending checks of $300 to $600 per person to an estimated 130 million households in the U.S. as a result of the Feb. 13 stimulus package.
Weller could not comment on the UC Irvine breach.
The university has set up a Web page for those who think they may have been affected by the scam.