Car parts maker says scam got tax info for 2,400 workers
Stolen data includes 2016 W-2 salary and tax information, and workers' names, addresses and Social Security numbers.
BLOOMSBURG, Pa. — A Swiss company said income tax information was stolen for about 2,400 workers in the US, putting them at risk of identity theft just as many are awaiting tax refunds.
Autoneum North America Inc. said the data included 2016 W-2 salary and tax information as well as the current and former workers’ names, addresses and Social Security numbers.
Company spokeswoman Anahid Rickmann said it has been working with the FBI and IRS to investigate the breach and has offered its employees identity repair and credit monitoring services. She said the information was stolen “with criminal intent.”
The company said affected employees worked at plants that make vehicle components for noise and heat protection in Jeffersonville, Indiana; Oregon, Ohio; Bloomsburg, Pennsylvania; and Aiken, South Carolina; and at its North American headquarters in Farmington Hills, Michigan.
A Bloomsburg plant employee, Donna Artley, told the Bloomsburg Press Enterprise she believes the data breach helped someone apply for her tax refund. The newspaper first reported on the identity theft Feb. 27.
Artley told the Press Enterprise that as soon as she got notice from Autoneum on Feb. 21 she directed her accountant to submit her federal taxes, but it was too late _ someone else had filed taxes with her Social Security number. She said others at the Bloomsburg plant have had similar experiences.
“I understand that this happens every day now,” she said. “But if they had let us know as soon as they had the slightest hint someone was fishing around, there may have been fewer problems.”
Rickmann said the company spent a couple weeks working with investigators and formulating a response, including setting up a hotline. She said Autoneum did not know how many employees’ tax refunds have been affected.
The IRS says tax-season phishing scams grew by about 400% last year, often using sophisticated means to mimic company communications in order to obtain the confidential data.