SANTA BARBARA, Calif., April 5, 2017 /PRNewswire/ -- On February 6, 2017, Ondracek & Company learned that some clients had received notification letters indicating that someone had attempted to file 2016 tax returns fraudulently using the clients' Social Security numbers. That same day Ondracek & Company immediately began an investigation into the matter contacting its IT consultant, changing all system passwords and user information, running scans, and reviewing its systems to identify any malicious malware on its network. None were found. It further contacted the IRS and FTB, and hired a specialized forensic IT firm for additional investigation.
On February 17, 2017, the specialized forensic IT firm determined that hackers had gained unauthorized access to Ondracek & Company's system from a foreign IP address. Through investigation, Ondracek & Company has discovered that the unauthorized access occurred between November 21, 2016 and February 6, 2017.
If you are or were an individual Ondracek & Company client, this information may have included your: name, date of birth, telephone number(s), address, Social Security number, all employment (W-2) information, 1099 information (including account number if provided to Ondracek & Company), and direct deposit bank account information (including account number and routing information if provided to Ondracek & Company).
If you are or were an entity client of Ondracek & Company, this information may have included your: company name, Federal Employer Identification Number (EIN), address, telephone number; employee and/or 1099-recipient information (including account number if provided to Ondracek & Company); bank or brokerage account information if provided to Ondracek & company; and partner, shareholder/officer, or beneficiary names, addresses, and Social Security numbers.
If you are or were a partner, employee, vendor, or beneficiary of an Ondracek & Company client, then the information may have included your: first and last name (or entity name), address, and Social Security number or EIN.
If you are or were an employee of an Ondracek & Company client, then the information may have included your: first and last name, address, Social Security number, and your date of birth.
Protecting your information is incredibly important to Ondracek & Company. If you believe you may be affected from this incident, please call at 1-855-836-9865, or write at P.O. Box 30308, Santa Barbara, CA 93130-0308.
Ondracek & Company strongly recommends the following steps be taken:
- Change all bank account numbers provided to Ondracek & Company, or at a minimum remain vigilant by reviewing account statements.
- Establish and monitor free 90 day fraud alerts with the three credit reporting bureaus. Their telephone numbers and addresses are: Equifax (1-888-766-0008; P.O. Box 740241, Atlanta, GA 30374), Experian (1-888-397-3742; P.O. Box 4500, Allen, TX 75013), and TransUnion (1-800-680-7289; P.O. Box 2000, Chester, PA 19022-2000).
- Consider placing a credit freeze on your accounts. For more information: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
- If you become a victim of identity theft, file a complaint with the Federal Trade Commission at https://identitytheft.gov. The FTC also provides detailed and specific information about identity theft at their website, which you should review.
Lastly, you are entitled to a free credit report every year from the three credit bureaus at www.annualcreditreport.com; and two years of complimentary credit monitoring through AllClear ID has been purchased for you should you be affected.
Protecting your information is incredibly important to Ondracek & Company. In addition to the steps outlined above, Ondracek & Company notified the FBI, all three consumer reporting bureaus, the applicable state agencies, and it is reviewing office policies and procedures. It also hired additional IT security experts, and it is working with law enforcement in their investigation of the criminals.
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/notice-of-data-incident-regarding-ondracek--company-300435039.html