UnitedHealthcare data breach leads to ID theft at UC Irvine
Scammers used stolen data to file false tax returns, steal students' refunds
IDG News Service - A data breach at United Healthcare Services Inc. has led to a rash of identity-theft crimes at the University of California, Irvine.
To date, 155 graduate and medical students at the school have been hit by the scam, in which criminals file false tax returns in the victim's name and then collect their tax refunds. The breach affects 1,132 graduate students who were enrolled with the university's graduate student health insurance program in the 2006-07 school year, said Cathy Lawhon, the university's media relations director.
UC Irvine police and IT staff have been investigating the crime for several months, she said.
"In February, the police began getting reports from graduate students that when they filed their income tax returns, they were being told that their returns had already been filed using their Social Security numbers," she said.
Local and federal law-enforcement agencies have been called in to help with the investigation, and they have traced the source of the data breach to UnitedHealthcare, the carrier for the school's graduate student health-insurance program, Lawhon said.
Based in Minnetonka, Minn., UnitedHealthcare is one of the largest health care service providers in the U.S. A company spokeswoman confirmed that some university students' personal information "may have been accessed without authorization," but she could not comment on the source of the breach.
Other UnitedHealthcare customers have not been affected, she added. "As far as we know, this situation was isolated to UCI."
According to U.S. Internal Revenue Service spokesman Jesse Weller, scammers have been particularly aggressive this year, hoping to cash in on the federal government's economic stimulus payments. "Even before the law was signed ... scammers were attempting to get victims related to the stimulus payment, and it has continued since that time," he said.
The IRS is now in the process of sending checks of $300 to $600 per person to an estimated 130 million households in the U.S. as a result of the Feb. 13 stimulus package.
Weller could not comment on the UC Irvine breach.
The university has set up a Web page for those who think they may have been affected by the scam.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts