The Internal Revenue Service recently announced that more than 100,000 taxpayer records had been stolen via their website. These illicit activities involved the agency’s “get transcript” feature, which was designed to help taxpayers access their own tax records online for various financial verification purposes.
Thieves immediately used the illegally-obtained information to attempt to file tax returns for refunds. The IRS flagged more than 23,000 of these attempts and is still trying to sort out which were legitimately filed by taxpayers and which are fraudulent.
Many of the weaknesses in the “get transcript” process hinged on the fact that massive amounts of customer information from other large and small-scale data thefts is already available to criminals. This means they can use the information they already have on hand to help answer many standard security challenges.
This is not the IRS’s only vulnerability in regard to online identity theft. The agency lost more than $5 billion to refund fraud for the 2013 tax year. It is slowly attempting to improve its security measures, but many recommendations from previous technology audits have still not been implemented.
That’s not to say that the IRS hasn’t made any progress in improving security and prevention. They have established a cybercrime unit that should help stem the hacking attacks.
Here are a couple of questions your clients may ask you about their risk of involvement in this particular breach, along with answers you can provide:
How will I know if my information was stolen from the IRS?
The IRS will send you a letter through the mail if your account was among the 200,000 that criminals attempted to access or succeeded in accessing. The IRS will never call or email you for any reason, so if you hear from someone purporting to be from the IRS by either of those methods, do not provide any information or click any email links. Also, your notification letter from the IRS will not ask you for any personal information, so be suspicious of any correspondence that does.
What will the IRS do for me if criminals accessed my information?
If your account was among the 100,000 or so that were illegally accessed, the IRS will offer you free credit monitoring. This will act to alert you to anyone who might use your personal information to open an account or otherwise steal your identity. Unfortunately, it will still be up to you to handle the fallout from any identity theft attempts that you find out about.