You've already heard about thieves stealing credit card numbers, with the Target stores theft dominating the news headlines. But imagine what a thief could do with your company's payroll records. Those contain valuable information such as your social security number, date of birth, your address and how much you earn.
Gary Blatto-Vallo of Webster, New York learned how damaging this type of data theft can be when he tried to submit his federal tax return. "We were alerted by our accountant that our e-filing for our taxes was denied because of one of our numbers had been used," he says.
Turns out this is a common scam--a thief steals your Social Security number, files a return and collects a refund. I should mention that Gary Blatto-Vallo is a friend of mine--one reason he's willing to talk about this experience. NPR talked with several people in this situation, but most are uncomfortable speaking publicly on issues concerning their employers.
A few days after Blatto-Vallo's tax return was rejected, he says his employer sent notice that its payroll system had been hacked. He works for Sorenson Communications, a company that provides services for people who are deaf. Because there's an investigation happening, the company declined NPR's interview request.
Blatto-Vallo says Sorenson offered him help, including credit monitoring services. And he expects to spend many hours over the next year monitoring accounts and sorting out his taxes with the IRS.
Other companies have had their payroll systems compromised recently too. Chicago-based Assisted Living Concepts, which recently changed its name to Enlivant, says 43,600 of its current and former employees were affected. "We've partnered with the IRS and the FBI and the investigation continues," says Monica Lang, vice president of corporate communications at the company.
The US Department of Justice says 16.6 million people were victims of identity theft in 2012. It's not clear exactly how many were victims of payroll system data breaches, specifically. Experts consulted for this story believe it's a small percent. But the consequences can be very serious--not only can a thief buy things under your name, they can also get medical care, open new accounts or even commit crimes using your identity.
If you're worried about the security of your employer's payroll records ask questions, advises Eva Valasquez, president & CEO of Identity Theft Resource Center. If you're worried about offending your boss, Valasquez suggests mentioning this story and use that as a way to bring up the topic.
There are some laws designed to keep private data safe and notify victims when there's a breach. Some federal laws are specific to the type of data—medical records, for example. 46 states have their own laws with varying degrees of protection. That can be confusing for businesses that operate in more than one state.
The law firm Fox Rothschild LLP has developed an iPhone application to help businesses sort out the various requirements. Scott Vernick, a partner with the firm says most large companies would prefer one federal standard.
On Capitol Hill, a few lawmakers have repeatedly introduced bills to strengthen federal data privacy laws, as NPR has covered before. With more attention on data breaches now, they hope a bill will pass this year.