Pharmacy benefits management firm notifies clients’ employees whose data were stolen by employee for tax refund fraud (update1)
Tampa-based My Matrixx provides pharmacy and ancillary services for workers’ compensation programs.
In November 2013, they were contacted by federal law enforcement and notified that a former employee of theirs in Florida was under investigation for filing fraudulent tax returns. By that time, the employee was no longer in their employ, but they were asked not to disclose the breach to anyone. In December, they were given permission to start notifying those whose data may have been accessed or actually misused for tax refund fraud. Law enforcement provided additional details about their investigative findings in January, and in February, My Matrixx began notifying its clients’ employees who had been affected.
In a notification letter dated February 7, Artemis Emslie, President of My Matrixx, notes that the data theft actually occurred in early 2012 or before then and the fraudulent tax returns were filed in the first half of 2012. No credit card information appears to have been involved but names and Social Security numbers were.
Those affected were offered 12 months of free credit monitoring.
The total number of claimants affected was not indicated in their notification to New Hampshire, but they indicate that it was a “small number of situations.”
The names of their clients whose employees were affected was not included in their report to the state and was redacted in the individual notification letter to a New Hampshire resident.
Update: The breach was reported by ProAssurance to Maryland as affecting 23 Eastern Alliance claimants. I’m still keeping an eye out for other clients who were affected.