UnitedHealthcare Data Breach Leads to ID Theft

By Robert McMillan

Tue, June 03, 2008 — IDG News Service —

A data breach at UnitedHealthcare has led to a rash of identity-theft crimes at the University of California, Irvine.

To date, 155 graduate and medical students at the school have been hit by the scam, in which criminals file false tax returns in the victim's name and then collect their tax refunds.The breach affects 1,132 graduate students who were enrolled with the University's Graduate Student Health Insurance Program in the 2006-07 school year, said Cathy Lawhon, media relations director with the university.

University of California, Irvine (UCI) police and IT staff have been investigating the crime for several months, she said.

"In February, the police began getting reports from graduate students that when they filed their income tax returns, they were being told that their returns had already been filed using their Social Security numbers," she said.

Local and federal law-enforcement agencies have also been called in to help with the ongoing investigation and have traced the source of the data breach to UnitedHealthcare, the carrier for the school's graduate student health-insurance program, Lawhon said.

Based in Minnetonka, Minnesota, UnitedHealthcare is one of the largest health care service providers in the United States. A company spokeswoman confirmed that some UCI students' personal information "may have been accessed without authorization," but could not comment on the source of the breach.

Other UnitedHealthcare customers have not been affected, she added. "As far as we know, this situation was isolated to UCI."

According to U.S. Internal Revenue Service spokesman Jesse Weller, scammers have been particularly aggressive this year, hoping to cash in on the federal government's economic stimulus payments. "Even before the law was signed& scammers were attempting to get victims related to the stimulus payment, and it has continued since that time," he said.

The IRS is now in the process of sending checks of US$300 to $600 per person to an estimated 130 million households in the U.S. as a result of this Feb. 13 stimulus package.

Weller could not comment on the UCI breach.

The university has set up a Web page for those who think they may have been affected by the scam.

Comments

More from IT Drilldown « Back to Security

Articles

How to Stop Fraud

Symantec Releases Disaster-Recovery Statistics

Symantec Desktop Security Software Boasts Reputation Analysis

Programmer Steals Wall Street Trading Code, FBI Alleges

Used PC Strategy: Pass the 'Toxic Buck' to Developing Countries

Hackers Exploit Second DirectShow Zero-Day Using Thousands of Hijacked Sites

Malware Authors Hit By Recession Too

Tools to Identify Anonymous Users Online

Mobile Security ABCs

Get up to speed on mobile security.

Learn More »

Security Newsletter

Security MarketSpace

White Papers

Cost Effective Data Loss Prevention

Learn how Data Loss Prevention technologies can in fact be deployed in a cost effective manner. Learn more »

Data Loss Prevention and Enterprise Rights Management

Enterprise Management Associates highlights the complementary values of Data Loss Prevention and Enterprise Rights Management as a strategic approach to information risk control. Learn more »

Eliminate the Impact of Distance

Learn how to be prepared to adapt your environment in a way that supports distributed employees, anytime anywhere collaboration and the need for business continuity during a disaster. Learn more »

Webcasts

Why Data Loss is Increasing--and What You Can Do About It

Maximizing the Business Value of the PC Infrastructure

Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »

Accelerate Your Virtual Environment

Rapid Replication for Virtual Servers Learn more »