If you haven’t heard already, criminals used the IRS Get Transcript service to fraudulently gain access to the accounts of approximately 104,000 taxpayers. They had information for about 200,000 taxpayers, so just over half of their attempts were successful. Click here to read an article on the data breach.
Note that IRS computer systems have not been “hacked” in the technical sense. The criminals used stolen personally identifying information (name, address, SSN) and “outside the wallet” information that was used to answer security questions in a multi-tiered system. In other words, the IRS computer systems’ security were not compromised, criminals were able to steal/glean enough information to fraudulently access a secure site by pretending they were taxpayers.
The IRS will be issuing notices to ALL taxpayers whose information has been compromised (not only those whose information was successfully used to file a fraudulent return) in the near future.
If you are our customer (insurance or tax preparation) and receive one of these notices, please contact us for more information on what you can do to help protect yourself including contacting your insurance carrier to let them know to watch for suspicious account activity.
Click here to access the only federally approved site for a free credit report. Note that this site uses the same combination of personal information and “outside the wallet” information as the Get Transcript service to verify your identity.
Unfortunately, I expect that this will be the first in a series of similar breaches. Social media sites like LinkedIn and FaceBook provide a platform for sharing and much of what is shared is “outside the wallet” information such as pet names, schools attended, former places of residence, etc. Please be extremely careful about the information you share. Just because a social media site is asking for it to pad their database does not mean that you are required to provide it.