UnitedHealthcare data breach leads to ID theft at UC Irvine
Scammers used stolen data to file false tax returns, steal students' refunds
IDG News Service - A data breach at United Healthcare Services Inc. has led to a rash of identity-theft crimes at the University of California, Irvine.
To date, 155 graduate and medical students at the school have been hit by the scam, in which criminals file false tax returns in the victim's name and then collect their tax refunds. The breach affects 1,132 graduate students who were enrolled with the university's graduate student health insurance program in the 2006-07 school year, said Cathy Lawhon, the university's media relations director.
UC Irvine police and IT staff have been investigating the crime for several months, she said.
"In February, the police began getting reports from graduate students that when they filed their income tax returns, they were being told that their returns had already been filed using their Social Security numbers," she said.
Local and federal law-enforcement agencies have been called in to help with the investigation, and they have traced the source of the data breach to UnitedHealthcare, the carrier for the school's graduate student health-insurance program, Lawhon said.
Based in Minnetonka, Minn., UnitedHealthcare is one of the largest health care service providers in the U.S. A company spokeswoman confirmed that some university students' personal information "may have been accessed without authorization," but she could not comment on the source of the breach.
Other UnitedHealthcare customers have not been affected, she added. "As far as we know, this situation was isolated to UCI."
According to U.S. Internal Revenue Service spokesman Jesse Weller, scammers have been particularly aggressive this year, hoping to cash in on the federal government's economic stimulus payments. "Even before the law was signed ... scammers were attempting to get victims related to the stimulus payment, and it has continued since that time," he said.
The IRS is now in the process of sending checks of $300 to $600 per person to an estimated 130 million households in the U.S. as a result of the Feb. 13 stimulus package.
Weller could not comment on the UC Irvine breach.
The university has set up a Web page for those who think they may have been affected by the scam.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!