Tennessee’s two public higher education systems are trying to trace the source of a possible federal income tax scam resulting from the stolen identities of some of their employees, reports the Johnson City Press.
An email sent to faculty and staff in the Tennessee Board of Regents system said the college governing body was alerted to the possible scam by the University of Tennessee at Knoxville, which belongs to its own system.
The email said that when at least eight UTK employees attempted to file their income tax returns, they were notified by the U.S. Internal Revenue Service that a return had already been filed under their names and Social Security numbers.
TBR employees were asked to report similar experiences to determine if a data breach occurred at UT or a state database.
Spokeswoman Monica Greppin-Watts said four TBR employees, two at Southwest Community College in Memphis and two at East Tennessee State University, reported they received the same notice when filing their taxes, but the board believes they’re isolated cases.
“We don’t have any reason to suspect that there is any data breach,” she said. “At the TBR, we don’t have a central database where all employee data is stored. That information is kept on site at each of our member schools.”
Out of the TBR’s 16,000 employees, Greppin-Watts said that four reporting stolen identities doesn’t seem to be a significant number to indicate a security problem in the system.
…A government report estimates the IRS paid out nearly $4 billion to people using stolen identities to file fake tax returns in 2012.
In December, the Tennessee Bureau of Investigation charged a state employee with stealing the personal information of hundreds of teachers in the Nashville area and Johnson City Power Board employees by accessing a Tennessee Consolidated Retirement System file and downloading the information to a personal computer.
After searching the computer’s browser history, the TBI reported the man, Steven Hunter, searched for information about selling stolen personal data, but the agency did not believe he was able to sell the identities.