An email phishing scheme has compromised the personal information of American Senior Communities’ current employees as well as some former employees, the company said. More than 17,000 people are thought to be affected.
“In mid-January 2017, offshore scammers posing as a high-level ASC executive requested copies via e-mail of employees’ W-2s,” the Indianapolis-based company said in a statement provided to McKnight’s Senior Living. “The payroll processor responded to the authentic-looking e-mail by furnishing the requested information.”
ASC first learned of the incident on Friday, the company said, when employees reported that their tax returns were being rejected because others already had filed returns using their personal information. W-2 forms contain names, addresses and Social Security numbers, in addition to other information.
“Upon learning of these events, ASC promptly notified the Criminal Investigation Division of the IRS, the Indiana Attorney General’s Office, the Indiana Department of Revenue and local law enforcement,” the statement said. “The company will continue to work with these authorities to resolve this unfortunate incident.”
The company said it also notified all employees of the data breach on Friday and is setting up a toll-free number they can call to have their questions answered. ASC will pay for free credit monitoring for all current and affected former employees and will assist them with their tax-filing concerns, according to the statement.
“No resident or personal health information was obtained during this attack,” the company said.
American Senior Communities offers independent living, assisted living, memory care, rehabilitation, skilled nursing, hospice and other services and has 93 locations in Indiana and Kentucky, according to its website.