Fraudsters loot W-2 data stored by Equifax

Equifax, one of the big-three US credit bureaus, has been targeted by fraudsters that search for W-2 data and use it for claiming fraudulent tax returns.

But the company hasn’t been breached. Instead, in an approach similar to the one recently used to steal W-2 data from the ADP customer portal, the crooks misused the fact that not many users change default login credentials they have been assigned, and managed to access random accounts and harvest the data in them.

The real victims are the employees, current and former, of US grocery giant Kroger, Stanford University, Northwestern University, and probably other businesses and institutions, whose data has been stolen and misused.

Users can access their accounts via Equifax’s W2Express tax form management website, and to do that they are provided with login credentials that are based on their Social Security numbers (SSN) and dates of birth.

Unfortunately, after years of massive data breaches left and right, this kind of information on US citizens has become easy to obtain on dark web markets.

The users who have made the effort to change those login credentials once they entered their account aren’t affected by these attacks.

At Stanford University, 600 current and former employees had their data stolen in this way. At Northwestern University the number is 150. Kroger is still trying to determine how many of their employees have been hit.

“The information in question was accessed by unauthorized individuals who were able to gain access by using users’ personally identifiable information. We have no reason to believe the personally identifiable information was attained through Equifax systems,” Equifax spokeswoman Dianne Bernez told Brian Krebs.

“Unfortunately, as individuals’ personally identifiable information has become more publicly available, these types of online fraud incidents have escalated. As a result, it is critical for consumers and businesses to take steps to protect consumers’ personally identifiable information including the use of strong passwords and PIN codes. We are working closely with Kroger to assess and monitor the situation.”

I can’t help but think that with Equifax not making it mandatory for users to change the default credentials for the portal they have contributed considerably to this unfortunate situation.

Don't miss