Not our hack, not our data breach: Greenshades

Although media reports this month have been talking about a hack of payroll services provider Greenshades that has resulted in clients’ employees discovering that their identity info has been used for fraudulent returns, Greenshades want you to know that they haven’t had a breach of their system.

Earlier this week, Karen Berkowitz reported that District 113 employees in Chicago had also been reporting fraudulent tax returns filed with their identity information. The District uses Greenshades as its payroll services provider.

“We have identified potentially suspicious activity relating to Greenshades’ tax portal,” Herrick said, in a statement read Monday at a school board meeting attended by angry and distraught employees.

Herrick said the school district has used Jacksonville, Fla.-based Greenshades to process employees’ W-2 tax forms for more than 10 years. The forms detail earnings and withholdings. The school district also recently used the firm to distribute 1095 tax forms.

The district does not yet know how many employees have been affected. As a precaution, employees’ access to the Greenshades tax portal has been blocked while the district continues its investigation.

But the owner of Greenshades told Berkowitz that this was not a “data breach” or “hack,” because the criminals used valid login credentials:

“For this particular client (District 113), the credentials that were required were the SSN and DOB,” Kane said, referring to the employee’s social security number and date of birth. “Those credentials were chosen by the client.”

“What happened from our perspective is that we detected IP addresses from (geographic) areas that seemed suspicious, trying to make multiple log-ins, and we shut them down,” Kane said.

Well, that, indeed would be an incident of a different color.

In a statement on their blog on March 16, Greenshades writes:

The IRS is reporting an increase in fraudulent tax filings nationwide, and Greenshades is likewise seeing a marked increase in reports of fraudulent login attempts to some client GreenEmployee portals. There is no indication that any of the information used in these fraudulent login attempts is a result of a technical breach of the Greenshades network. Instead, it appears criminals with personal information obtained from other sources are attempting to log into some GreenEmployee portals.

Greenshades is taking various steps to help maintain the security of client and employee information. This includes proactively monitoring attempts to access the Greenshades network from suspicious IP addresses and requiring that all clients adhere with Greenshades’ recommended log in settings. In the past, Greenshades has allowed the employer to establish its own credentials for log in.

If you have questions or information about fraudulent activity involving the Greenshades network, please contact [email protected]. If you believe that you are the victim of identify theft, or that someone has fraudulently filed a tax return with your identity, please contact the Federal Trade Commission at:

About the author: Dissent

Comments are closed.