Every so often, there are news reports about data breaches occurring at major retailers. These breaches tend to expose customer credit card information, which thieves can use to rack up debts under victims’ names. While these breaches are understandably concerning for both the affected businesses and their customers, they can be managed with quick action to minimize the financial damage.
However, the data breach that affected the Internal Revenue Service last year was, in many ways, more troubling. It was a story that started big and kept getting bigger as more information became available. Even now, one year later, we may not be fully aware of how many people were affected, and how many cases of identity theft will be tied back to this single event.
What went wrong?
News of the IRS breach first broke in May 2015. At the time, the agency announced that as many as 100,000 tax accounts had been affected by hacking attempts that began as early as the previous February. According to initial reports by USA Today, the thieves were able to access the accounts by stealing personal information about taxpayers from other sources. They used this information to answer security questions, and once successful they were able to access transcripts containing Social Security Numbers, birth dates and street addresses.
At this point, the thieves were in a position to create financial accounts under the victims’ names. But because they had stolen the information from the IRS, they could go even further and file tax returns under false names. In some cases, this allowed them to claim refund checks that did not belong to them.
The scheme grows
The IRS hack was far from a small operation. The agency now believes that the hackers had help from a number of anonymous people who submitted queries to the IRS for the purpose of gathering this information. As the investigation continued, it became clear that as many as 330,000 Americans were affected, and the thieves stole millions with false tax returns.
What made things even more difficult for the victims is that, by law, the IRS is not allowed to divulge details about fraud until it conducts its own investigation, even to the victims themselves. When taxpayers began to suspect that they had been defrauded, they tried to contact the agency but had difficulty making progress. In fact, speaking before a Senate hearing on the breach, IRS commissioner John Koskinen said that the agency would not hand information over to law enforcement agencies, or even the banks that received stolen money.
We still do not know what the full consequences of the IRS breach will be.
Many taxpayers have already had money stolen as a result. Many more could experience the same this year. The problem with identity theft is that once someone gets a hold of a victim’s personal information, they can use it whenever they want, unless the victim takes certain precautions. Things like monitoring credit files regularly, obtaining a credit freeze or adding credit alerts to your file are some of these precautions.
Taxpayers need to understand that even a government agency as secure as the IRS can be hacked, and ordinary Americans can be defrauded through no fault of their own.
If you have concerns about identity theft, invest in an identity theft protection service, which regularly monitors credit files, Social Security Numbers and public records. An identity Identity Guard service can notify you of certain activity that may indicate fraud and give you the information necessary to act. To learn more, contact Identity Guard today.