Roughly 1,300 Rockhurst employees have been impacted in a data breach involving personal tax information. The university said it is is working with authorities, including state and local law enforcement as well as the FBI, in the ongoing investigation.

The breach was restricted to data of faculty, staff and student workers employed with the university during the 2015 calendar year, all of whom received an email Wednesday morning informing them of the data breach.

The breach occurred on April 4 and was discovered by the university on April 6. The stolen data came from employees’ 2015 W-2 forms. The stolen information includes employee names, mailing addresses, salary amounts, withholding amounts and Social Security numbers. It did not extend to personal financial information, such as bank account numbers, PIN numbers, security codes, and credit card numbers.

Jesuit Fr. Thomas Curran, RU president, said in a statement that a preliminary investigation found that the breach was a result of a “phishing” scam that impersonated a university administrator’s email address to access the information.

“I have the highest regard for you as a companion in our Jesuit enterprise of higher education and respect the privacy of your information,” Curran said. “I apologize for the disruption the data breach causes you in your personal life and professional work. I’m angered that someone chose to victimize our institution and the good people that contribute to its important work.”

He added that the school “will continue to work expeditiously to minimize the harm resulting from this security incident.”

The university has arranged for 24-month identity and credit protection for employees at no charge to them. Employees should receive a letter in the mail with further instructions to sign up for the credit monitoring by Monday.

The University has scheduled two information sessions for the affected employees. The sessions take place in the St. Ignatius Science Center, Room 115. The first is set for Thursday at 4 p.m., and the second for Friday at 2:30 p.m.

The university released the following statement Tuesday:

“Rockhurst University has notified approximately 1,300 people who were employed by the University during 2015 about a data breach that resulted in a third party’s theft of their personal information. Rockhurst was the target of criminals who obtained IRS W2 forms through a targeted phishing scam in which a University administrator’s email address was impersonated. The University contacted local and federal officials as soon as the breach was discovered and has made arrangements to provide assistance to all those whose data was compromised. The University has since learned that this type of scam is becoming increasingly common, especially during the tax return preparation season.”

The University has also set up a webpage for further information. www.rockhurst.edu/databreach.

This is a breaking story. Check back at RUSentinel.com for further updates.