By Shelby Horton
Since the data breach on March 24, Hutchinson Community College employees have been concerned about being targeted by the attackers.
One of the first attacks happened to sociology instructor Kimberly Newberry and her husband when criminals attempted to file fraudulent taxes in their name.
Then another HCC staff member was hit as someone filed fraudulent taxes in her name. However, this staff member had been signed up with Kroll for over a week but was never notified when she was compromised. Instead she had to be notified by the IRS. She later reported the issue to HCC administrators, but continued to feel HCC was not doing enough to deal with the March 24 security breach.
Later on, Charles Buller, chemistry instructor, also was compromised, even though he was signed up with Kroll. Buller also was faced with the same type of hacking, as the attackers filed fraudulent IRS forms in his name.
As more HCC staff begin to fall under this type of attack, they have begun to notice that Kroll Monitoring Service did not give them warnings, nor has it changed their online status reports.
“Kroll does not monitor your taxes,” a Kroll customer service representative said on April 26. “Only the IRS is allowed to monitor your taxes. We are only able to help you deal with the aftermath of the situation.We mainly monitor your credit report, such as if someone attempts to take out a loan on a house or car in your name.”
Kroll does not “monitor” fraudulent tax filings. Instead they act more like a clean-up crew to help victims of tax fraud to keep damages to a minimum.
It is understandable why some HCC staff would think that Kroll offered a tax-monitoring service, due to a quote made by Kroll’s managing director for identifying theft and breach notification, Brian Lapidus, on the Kroll website.
In the message to employers, it said, “Kroll recommends you offer services that go beyond simply monitoring credit. While credit monitoring is meaningful, it does not capture areas of compromise such as tax fraud, employment fraud and criminal impersonation.”
“By offering noncredit monitoring, as well as direct access to investigators to help each employee handle fraud and identity theft issues, you will show your employees that your business is committed to giving them knowledgeable resources to avoid further consequences from the phishing scheme.”
The college is providing HCC employees with Kroll’s triple bureau credit monitoring; monitoring Internet sites where personal information is sold and traded; monitoring of public record databases; and monitoring of thousands of short term and cash advance loan sources. The plan includes $1 million in identity theft insurance, identity consultation, and restoration services with licensed investigators.
“Hutchinson Community College chose to cover its employees with the highest level of coverage Kroll made available to us,” said Julie Blanton, vice president of finance and operations.
The Kroll site said colleges are prime targets for hackers because they are such data-rich environments with many access points and “a culture built on collaboration and open-sharing of information.”