Ball State employees affected by the recent rash of identify thefts and income tax fraud—at least 140 in number—are part of a larger national trend, a government official with the Indiana Attorney General's Office said.
During his April 8 visit to Ball State, Rich Bramer, director of the Indiana Attorney General's consumer protection division, addressed concerns about the recent accounts of income tax fraud facing Ball State employees with a presentation on how to protect against it and what to do if affected.
Bramer said Ball State employees are part of a growing trend among colleges and universities.
“[There is a] widespread tendency to steal university employee personal information across the nation," Bramer said.
Bramer said after observing the national trend he plans to meet with his colleagues in other states and take it to the federal level.
"I am supposed to meet with a representative of FBI’s cybercrime task force some time next week," he said. "I am going to mention it to them and make sure it is on their radar."
Bramer rattled off several examples of other universities experiencing smaller or greater instances of income tax fraud, including the University of Iowa and Western Kentucky University. Both universities reported employees experiencing fraudulent tax returns. University of Iowa has had more than 200 employees affected whereas Western Kentucky has had more than 50.
He also mentioned examples at Seminole State College, James Madison University and Auburn University.
Of all the institutions Bramer and his office found in their research, most of the instances occurred within the past two years. Last year, the University of Northern Iowa had about 240 employees affected by income tax fraud.
"I think any reasonable person would say that when over 30 colleges and universities over the last two years have had data breaches occur, that’s a trend," he said.
Bramer said universities are being targeted because of the ease of access to personal information of a large number of people.
"Universities and colleges are a very popular place to have a breach ... because there are very few places where you can get good addresses and social security numbers for large masses of people," Bramer said. "Universities and colleges have large bodies of [students] as well having large bodies of employees — they are prime targets to fraudsters."
Since 2014, more than 30 higher education institutions have been targets of data breaches, which can lead to identity theft and tax fraud. Indiana University was the target of a data breach in 2014 that exposed 146,000 students and recent graduates. There were five data breaches at universities in 2014 that were larger than the Sony breach in December 2014, according to The Associated Press.
Health insurance company Anthem, Inc. announced Feb. 4 it was the victim of a security breach that affected about 80 million people. Anthem holds the personal information of 8,000 Ball State employees and their dependents.
The income tax frauds and identity thefts have not been linked to the Anthem breach, Bernard Hannon, vice president for business affairs, said.