Incident FAQs

Some information in these FAQs has been provided to the Archdiocese of Seattle by the Internal Revenue Service.

  1. what happened?

As you no doubt know by now, on March 4, 2014, we learned that a number of individuals affiliated with Archdiocese of Seattle (mostly volunteers and employees at parishes and schools) have been victimized in a national tax fraud scheme. In general, criminals who have obtained social security numbers for our employees, volunteers, and parishioners are filing false tax returns in their identities, and obtaining fraudulent refunds.

We understand from the IRS and FBI that the affected individuals have likely had their names, social security numbers, and possiblydates of birth compromised. We are actively working with law enforcement to assist them in their investigation, in an effort to help bring the persons responsible to justice.

As the investigation progresses we will continually update our Web site with the most current information regarding the data breach at .

  1. How and when did the Archdiocese become aware of this?

Between March 4 and March 7, 2014, we learned that approximately nine individuals who are employees and/or volunteers at parishes and schools in the Archdiocese of Seattle had fraudulent tax returns filed using their names and social security numbers. Upon determining that this issue may have affected a number of our members, we immediately retained a cyber security and forensics firm to assist us in our investigation. We also contacted the IRS and FBI.

  1. Is this unique to the Seattle Archdiocese?

No. Other organizations and their members have experienced similar problems. For several years now, the IRS has been investigating national tax identity fraud scams just like the one experienced here. We do not know, however, whether the events affecting employees and volunteers at the Seattle Archdiocese relate to other scams across the country.

Unfortunately, despite significant efforts, at this time we still do not know for sure:

  • whether the breach is directly connected to data we collected or computer systems used to store that data;
  • the identities of individuals whose personal information was compromised by the breach (unless they have notified us directly); and
  • by whom or how the personal information in this case was compromised.
  1. Why didn’t you tell affected individuals about this incident sooner?

On March 7, just days after first learning of a possible issue, we attempted to notify as many people as possible. On that same day, we sent an email to all individuals whose email addresses we had in our Child Protection Training records, our most readily available contact list. We do not know which current or former employees and volunteers (other than those who have reported to us) were affected, so we sent the e-mail out as an immediate, precautionary measure. We have also attempted to keep people updated through follow-up e-mail communications, regional meetings, and updates to our website.

As the investigation progresses we will continue to update our Web site with the most current information regarding the data breach at .

  1. Why did you notify by e-mail?

We notified by email because that was the broadest and fastest way for us to provide an urgent alert to diocesan employees and volunteers. We are working to assemble a more complete contact list of individuals who are actual or likely victims of tax fraud, so that we can send additional notices and communications to them.

Also, as the investigation progresses we will continually update our Web site with the most current information regarding the data breach at .

  1. HOW CAN I BE ADDED TO YOUR CONTACT LIST?

You may . In the email, please include, your full name and address (for notification purposes),the parish and/or school with which you are affiliated, andwhether you are an employee, volunteer, or both. Also, please indicate if you believe you have been a victim of tax fraud.

If you do not use e-mail, you may provide us with your mailing address by writing and mailing us at Tax Information, Archdiocese of Seattle, 710 9th Avenue, Seattle, WA 98104 and we will do our best to keep you informed in a timely manner of any updates that may affect you.

As the investigation progresses we will continually update our Web site with the most current information regarding the data breach at .

Please be EXTREMELY CAUTIOUS when giving out personal information and DO NOT DISCLOSE YOUR SOCIAL SECURITY NUMBER VIA E-MAIL . In the aftermath of security breaches, some opportunistic criminals seek to fraudulently obtain personal information of affected individuals by claiming to be the business experiencing the breach. Do NOT respond to any e-mail requests from entities requesting your social security number, date of birth, financial account numbers, login/password information, or other sensitive personal information in relation to this breach. We will NOT ask you for your social security number, date of birth, financial account number, or other sensitive personal information, with regard to this incident. If you receive any written request or electronic request via e-mail purporting to be from the Archdiocese of Seattle, and it looks suspicious, please e-mail us for assistance at .

We will only contact you by telephone if you contact us first, and we will only e-mail you from the e-mail address: .

  1. WILL THERE BE MORE MEETINGS AT PARISHES/SCHOOLS?

We conducted a series of six informational meetings, which took place around the archdiocese. Although no additional meetings are planned at this time, if we have meetings in the future, we will post dates and locations on our website. The meetings provided people with an opportunity to meet with special agents from the IRS criminal investigations division to ask general questions and for the IRS agents to collect information in connection with their ongoing investigation regarding this and other national tax fraud scams.

If you couldn’t attend the meetings, you can obtain important information that was offered on at the meetings on our Web site including a video presentation about what to do if you are a fraud victim.

  1. AM I AFFECTED, OR I WAS A VOLUNTEER/EMPLOYEE AT A PARISH SEVERAL YEARS AGO AM I AFFECTED?

At this time, the source and scope of the breach are still not clear. We are still trying to determine the full scope of individuals who may have been affected. Until we learn who was affected, we are providing notice broadly and providing individuals with information to allow them to take steps to protect themselves and contact the IRS if an individual believeshe or she has been a victim of tax-related identity theft.

For more information on determining whether you are a victim of tax fraud, visit the

“Taxpayer Guide to Identity Theft” at

  1. I HAVE NEVER BEEN AN EMPLOYEE OR VOLUNTEER, COULD I STILL BE AFFECTED?

At this time, the source and scope of the breach are still not clear. We are still trying to determine the full scope of individuals who may have been affected. Until we learn who was affected, we are providing notice broadly and providing individuals with information to allow them to take steps to protect themselves and contact the IRS if an individual believes he or she hasbeen a victim of tax-related identity theft.

For more information on determining whether you are a victim of tax fraud, visit the

“Taxpayer Guide to Identity Theft” at

  1. WHAT PERSONAL INFORMATION WAS EXPOSED?

We know that some employees and volunteers of the Archdiocese or our parishes or schools have had their names and social security numbers used in fraudulent tax returns. We do not know whether the data was obtained from Archdiocesan data or systems, nor do we know if any other data was obtained from us or from some other source. We have retained a global forensic investigative firm and a prominent law firm with significant experience in this area to assist us determining the source of and the scope of the breach as soon as possible.

  1. WHAT DID THE ARCHDIOCESE OF SEATTLE DO WHEN THEY WERE INFORMED OF THIS POTENTIAL ISSUE?

The day the Archdiocese realized that this problem affected employees and volunteers across different parishes and schools in the Archdiocese, we:

  • Hired a national forensics firm to begin an internal investigation.
  • Sent an e-mail to individuals in our Child Protection Training contact list, which was the fastest, broadest notification we could provide at that time.
  • We set up a special e-mail address so that problems could be reported back to us.
  • We made a report to the FBI and attempted to notify the IRS. The following business day we were in contact with the Criminal Investigation unit of the IRS and created a tax fraud resource site on our archdiocesan website at
  • Since then we have continued to cooperate with law enforcement, updated our website, gathered information from victims to assist with the investigation, scheduled regional meetings, and retained legal counsel to help us comply with all our legal obligations.
  1. WHAT IS CURRENTLY BEING DONE?

Our current efforts are focused on working with the forensic investigators we hired, the FBI and the IRS to identify the source of the problem, informing volunteers and employees who may have been affected, and providing updates on the situation via our web site.

At this time we do not know:

  • whether the breach happened via the Archdiocese data or computers systems,
  • the identities of individuals affected by the breach (unless they have notified us directly),
  • how or by whom personal data of parish and school employees and volunteers was obtained.
  1. WHAT IS THE ARCHDIOCESE OF SEATTLEDOING TO PREVENT THIS FROM HAPPENING AGAIN?

We are actively working with law enforcement and the forensic investigators we engaged to determine the source and scope of the breach, and the identities of those individuals affected. Once we learn this information, we will be able to know how, precisely, we can update our procedures and systems tobetter protect personal information. We are also engaging in examination of our policies, procedures, and systems to strengthen them and how we treat personal information.

  1. HAS THE PERSON/PERSONS WHO ACCESSED/STOLEN THE INFORMATION BEEN CAUGHT?

Unfortunately, not yet. The IRS Criminal Investigation unit and the FBI are conducting a joint investigation of this particular issue in the Pacific Northwest. In addition, we have hired a national forensic firm to conduct our own investigation of this matter.

  1. WAS ANY FINANCIAL ACCOUNT INFORMATION ALSO COMPROMISED?

We have not received any information indicating that this breach also involved financial account information. In the meantime, we are testing and examining systems that may contain financial account information to see if they were exploited and to strengthen them.

There are, however, steps you can proactively take to protect yourself from identify theft. Information is available from the FTC’s website at From that site, you can scroll down to: “Specific Types of Identity Theft” and click on “Tax-Related Identity Theft”. Towards the bottom of the Tax-Related Identity Theft Page, the FTC provides guidance about how to repair identity theft in this situation.

  1. HAS COMPROMISED INFORMATION BEEN MISUSED?

We have been informed that volunteers and employees of the Seattle Archdiocese have had their names and likely their social security numbers used to file fraudulent tax returns. However, we do not know how the criminals obtained this information and where it came from. Because the source of the information is unknown, we have been working to provide people with information to help so that people can take steps to protect themselves.

  1. HOW MANY INDIVIDUALS HAVE BEEN AFFECTED?

We are still trying to determine how many individuals were affected by this incident. To date, we are aware of approximately 4,500 individuals who are, or have been, connected to the Archdiocese who may have been the target of a fraudulent tax return scheme.

  1. WHY DID YOU COLLECT MY SOCIAL SECURITY NUMBER?

We work with vulnerable populations, including children and seniors, and have implemented robust procedures to protect them. Part of our protective procedures include obtaining background checks and other information about employees and volunteers who may come into contact with children or seniors. Because it is considered an industry wide practice, we began collecting social security numbers in 2001to enable us toobtain relevant information about potential and ongoing employees and volunteers to make sure we continue to protect children and seniors.

  1. CAN YOU REMOVE MY DATA?

I understand your concern. At this time, there is an ongoing FBI and IRS investigation. As a result, we are preserving evidence that may be helpful to criminal investigators in their investigation.

  1. WILL THE ARCHDIOCESE PAY FOR MONITORING OR RECOVERY SERVICES?

We are planning on providing individuals who may have been subjected to the filing of a false return as a result of the data breach with credit monitoring services. We are also working to provide all individuals with information to help them better protect themselves. Please check our website at for more information. You could also check with your insurance company to see whether coverage may be included in your existing policy.

  1. I PROVIDED MY SOCIAL SECURITY NUMBER TO THE ARCHDIOCESE WITH THE EXPECTION IT WOULD BE SAFEGUARDED. ALTHOUGH I HAVE NO PROOF MY SSN HAS BEEN USED FRAUDULANTLY TO DATE, I EXPECT THE ARCHDIOCSE TO PAY FOR CREDIT MONITORING SERVICES BECAUSE I AM CONCERNED THAT MY INFORMATION HAS BEEN COMPROMISED.

At the present time, the Archdiocese is offering credit monitoring services to individuals whose social security numbers were used for the filing of a fraudulent tax return. I understand your concern about safeguarding your personal information and encourage you to follow the steps listed on the Archdiocesan website.

  1. CAN I GET REIMBURSED FOR A SERVICE THAT I HAVE PURCHASED ON MY OWN?

No, unfortunately we cannot reimburse you for services that you purchased on your own. We are currently looking into ways we can provide credit monitoring services to people affected by fraudulent returns filed in their name. In the meantime, we are working to provide as much information as we can to help you better protect yourself. Please check our website at for more information.

  1. WILL THE IRS REIMBURSE ME IF MY REFUND HAS BEEN REDIRECTED SOMEWHERE?

The IRS has told us that it will work with you to ensure that you obtain your legitimate refund if it has been sent to someone else. The IRS has further informed us that it may take several months to process this request. The Archdiocese has no control or involvement in that part of this process.

  1. CAN I GET A LOAN FROM THE ARCHDIOCESE WHILE THE IRS WORKS ON MY TAX REFUND?

No. Unfortunately, the Archdiocese is unable to assist with a loan. Please contact the IRS at 1-800-908-4490 to determine whether it can provide any advice.

  1. I RECEIVED AN E-MAIL FROM THE ARCHDIOCESE OF SEATTLE. WHAT DOES THIS MEAN?

We sent two mass e-mail communications. First, on March 7th (with the subject “Urgent Notice”), we sent an e-mail to all of the individuals on our Child Protect List. Then, on March 11 (with the subject “IRS Tax Fraud Scam”), we sent another e-mail because the first e-mail was caught by many spam filters. Both of these were legitimate communications from the Archdiocese. Beware of any other e-mails you received via e-mail purporting to be from the Archdiocese. These could be a scam.

We sent out an e-mail because we have learned that a number of our current and former employees and volunteers have had fraudulent tax returns filed in their names and we wanted to provide an urgent alert as quickly as possible. More information is available on our website at and once we determine the individuals affected, we will be sending a more formal notice, likely via mail to those individuals’ residences.

  1. WILL I RECEIVE ANY ADDITIONAL INFORMATION OR UPDATES?

Yes. We will be providing updates about the investigation through our website,

We are continuing to try to determine who was affected by this data breach, and will notify you if we discover thatyour personal information may have been compromised. In order to avoid communications from us being sent to your “spam” folder, please add o your list of contacts.

Please be EXTREMELY CAUTIOUS when giving out personal information and DO NOT DISCLOSE YOUR SOCIAL SECURITY NUMBER VIA E-MAIL (including to us). In the aftermath of security breaches, some opportunistic criminals seek to fraudulently obtain personal information of affected individuals by claiming to be the business experiencing the breach. Do NOT respond to any e-mail requests from entities requesting your social security number, date of birth, financial account numbers, login/password information, or other sensitive personal information in relation to this breach. We will NOT ask you for your social security number, date of birth, financial account number, or other sensitive personal information, with regard to this incident. If you receive any written request or electronic request via e-mail purporting to be from the Archdiocese of Seattle, and it looks suspicious, please e-mail us for assistance at .