Ashland University officials discovered on Feb. 8 that files containing the W-2 forms of both current and former employees were stolen in an online security breach on Feb. 3.

An unauthorized third party unlawfully obtained electronic files containing employee personal information through a criminal scheme known as phishing.

On Feb. 9, Ashland University Vice-President and CFO Stephen Storck send out an email addressing all student employees, faculty, and staff, stating that the incident had been detected and was under investigation.

When asked for an interview, Storck stated in an email that he had “checked with the attorney that the university engaged to advise us with the phishing incident.  Given the nature of the incident and the fact that the investigation is ongoing, I have been advised to limit my comments to the prepared statement.”

The statement said the security breach was discovered on Feb. 8, and that upon learning of the incident, an investigation was immediately started. The statement also said AU is working with external cybersecurity professionals, the IRS and law enforcement to deal with the issue.

The university is currently not aware of identity fraud issues so far that would have resulted from the phishing incident the statement said.

In the email addressing employees, Storck said anyone who receives a W2 from the university “will be receiving a letter in the mail…regarding the situation, along with information to enroll in a credit monitoring and identity theft protection service at no cost.”  

The information that is likely to be most at risk in this situation is the type of information that might be used to file fraudulent tax returns at both the state and federal levels the statement said.

University employees were provided with information on how to protect their identity and credit as a result of this situation. The email suggested placing a fraud alert on credit cards or placing a security freeze on files.

The security breach only impacts those employed at the university in 2016 or earlier and will not affect new employees. The university is working to enhance security of employee personal information, the statement said.

University officials released a phone number to call if employees have any other questions they can call 844-893-3073.