2017 Information on 2016 Tax Data

Recently the University received notice from a small number of employees, who reported suspicious activity involving their tax returns, including the unauthorized filing of tax returns by others. As part of the investigation into those reports, the University of Louisville Police Department contacted Equifax, which launched an inquiry and informed the University that there has been suspicious activity on some of our employee accounts. (The University uses a third party provider, TALX, a wholly-owned subsidiary of Equifax, to make W-2 forms accessible online via its W-2 Express product from www.mytaxform.com).

The suspicious activity identified to date does not indicate that University of Louisville systems or servers were involved or impacted.

The suspicious activity involved access or download of W-2 information from the service provider's W-2 Express/Tax Form Management website that may not have been made by the employee. The concern is that individuals other than the employee (or someone an employee has authorized such as a tax preparer) may have accessed online accounts and W-2 information. It appears that the purpose of this access is to fraudulently file tax returns to obtain refunds and/or commit other fraudulent activities based on the information obtained.

The University relied on the security measures provided by Equifax, who provides workforce solutions in HR, payroll and tax management and compliance to thousands of businesses, non-profits and government entities. The suspicious activity involved using certain personal information to access the Equifax's website and reset passwords (a.k.a PIN) and/or access W-2 information. At the University's request, Equifax has strengthened the authentication process to access their website. Access for password resets will now require answering security questions established by the employee or authentication by a one-time passcode sent to the campus email address or other verified email address. Equifax and the University are reviewing additional options for increasing security.

Equifax's initial investigation indicates that personal information - from sources other than UofL or Equifax - was used to access or reset passwords in order to gain access to employee accounts.

The University is tracking the number of individuals who have contacted us with concerns about possible suspicious activity with their W-2 or their tax filings, including whether or not they can confirm that their accounts have been accessed. The vendor and/or University of Louisville Police Department are investigating each case. Fewer than 50 employees have been confirmed as having fraudulent activity associated with their W-2 information. Equifax reviewed thousands of changes to accounts in the past 12 months. From this review, Equifax has identified up to 750 employees whose W-2 Express accounts show potential suspicious activity. Though much of this account activity may be legitimate, Equifax--out of an abundance of caution--is in the process of contacting these individuals, by campus email and U.S. mail, by April 7 to provide assistance and credit monitoring service. Each of these employees will be offered one year of ID Patrol identity protection service at no cost from Equifax.

No matter how many employees are affected, any issue like this one is unacceptable. The University is working closely with the vendor to address the problem, assist those impacted, and prevent such occurrences in the future.

Some individuals received notice from the IRS or their state's tax return entity about suspicious activity involving their tax returns. University police is working with them and appropriate authorities to investigate the fraudulent activity. Individuals whose accounts have shown suspicious activity will receive a notification from Equifax, along with an offer for credit monitoring services. The federal and state tax agencies have protocols for managing tax fraud, and the University therefore does not expect any employees to lose tax refunds to which they are legitimately entitled.

We are advising employees who suspect their tax information may have been used to file a fraudulent tax return to contact the University of Louisville Police Department at 502-852-7290. We also encourage them to contact the IRS, the Commonwealth of Kentucky Finance and Administration Cabinet, and/or the Indiana Department of Revenue (if they file taxes in Indiana). Contact information is provided below.

The full extent of the problem may not be known until after the tax filing season. Last year alone the IRS reported that it saw a 400 percent increase in identity theft attempts during tax season. Unfortunately, the risk of fraud can be a byproduct of any online system that contains sensitive information. UofL and Equifax will continue to monitor the situation and respond to employees' concerns about suspicious activity on their accounts.

Equifax is communicating directly with individuals who have contacted us about suspicious activity and with the group of up to 750 individuals who have been identified as having potentially suspicious activity involving their accounts. The University and Equifax are recommending enrollment in the identity theft protection (ID Patrol) that is being provided to them at no charge. This protection includes a $1 million Fraud Expense Coverage and other support in the event of fraud.

We are advising employees who suspect their tax information may have been used to file a fraudulent tax return to take the following steps:

  1. Contact the University of Louisville Police Department at 502-852-7290.
  2. Notify the credit bureaus to place a fraud alert on their credit reports. Information on how to do this is located at www.consumer.ftc.gov/articles/0275-place-fraud-alert.
  3. Notify the Kentucky Attorney General's office (if a Kentucky resident) or the Indiana Attorney General's office (if an Indiana resident). Contact information is below.

You can check your history regarding use of a Tax Form Management online account via the W-2 Express product on www.mytaxform.com. Instructions on how to do this are available with this PDF. If you have questions on how to access or find an entry that you believe was not yours, please contact Business Operations at 502-852-7549 or businops@louisville.edu.

Contact Information for Reference:

Credit Agencies


PO Box 9554

Allen, TX 75013




PO Box 2000

Chester, PA 19016




PO Box 740241

Atlanta, GA 30374



Federal Trade Commission

Consumer Response Center

600 Pennsylvania Avenue, NW

Washington, DC 20580

1.877.ID.THEFT (438-4338)



You may contact the IRS Identity Protection Specialized Unit at 1-800-908-4490. The IRS may request that you file IRS Form 14039 (which is available at www.irs.gov/pub/irs-pdf/f14039.pdf). For additional information from the IRS about identity theft, you may visit www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft.

Kentucky Department of Revenue

501 High Street

Frankfort, KY 40601

(502) 564-4581


KY Attorney General

Kentucky Attorney General's Office

Office of Consumer Protection

1024 Capital Center Drive, #200

Frankfort, KY 40601

Data Breach Hotline: 855-813-6508 (toll free)


Indiana Department of Revenue

P.O. Box 40

Indianapolis, IN 46206-0040

(317) 232-2240


IN Attorney General

Office of the Indiana Attorney General

Indiana Government Center South

301 W. Washington, St.

5th Floor

Indianapolis, IN 46204

ID Theft Email: IDTheft@atg.in.gov

ID Theft Unit: 1.800.382.5516

Website: www.in.gov/attorneygeneral/2409.htm