Equifax’s subsidiary TALX — now called Equifax Workforce Solutions — helped tax thieves by relying on outdated and insufficient consumer authentication methods, according to security specialist Brian Krebs. Thus, fraudsters were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.
Still, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, the online security expert continues, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.
So far, at least five organizations have received letters from Equifax about a series of incidents over 2016, including defence contractor Northrop Grumman, staffing company Allegis Group, Saint-Gobain, Erickson Living, and the University of Louisville.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now