Hackers are clever, frequently using some feature of a website that was put there for convenience as a way in to get even more valuable information. That’s exactly what happened to the IRS when hackers used data stolen from other sites to hack through a multi-step authentication process in the “Get Transcripts” section of the IRS web system. Once into that system, they were able to get past tax returns and use that information to file fraudulent tax returns to the tune of $50 million dollars.
The hacker(s) made attempts on 200,000 accounts and were successful in getting into roughly half of them. What makes the IRS hack more serious is the depth of information that government agency keeps on nearly everyone. That data is, in a very real sense, the key to the information kingdom on everyone who files a tax return. With that information thieves could not only claim the victim’s federal tax return but then turn around and file for a refund on his or her state tax return as well.
Whether or not your data was exposed in the IRS hack, this is a good opportunity to review your identity theft triage procedures and data security practices to make sure you’re on the safe side of the road.
If You Were One of The 100,000
If you were one of the 100,000, you’ll be notified by snail mail. If you don’t want to wait you can call the IRS Identity Protection Specialized Unit at 800-908-4490 and see if your account has been flagged. In addition, you may also want to check with your state revenue agency. You would also follow those same procedures if your identity has been stolen through another means. Filing for fraudulent tax returns is one of the most common ways of stealing from identity theft victims.
Get a Police Report
Another day-one task in cases of identity theft is to get a police report, which you’ll usually need to contest every disputed charge and line of credit that’s been opened in your name. The police don’t usually do a lot of investigating, but that’s not why you get it. It can also be helpful if the person stealing your identity racks up criminal charges, traffic tickets and other legal problems that can then land on your doorstep.
Notify The Credit Bureaus
Your police report is the key to getting a number of free services from the three major credit bureaus, which are Equifax, Experian, and TransUnion. One of the services you can get is free credit monitoring. The monitoring lasts 90 days, but can be extended and warns institutions issuing credit that you were an identity theft victim and they should be extra careful in verifying your identity before opening new accounts.
Consider a Credit Freeze
Credit freezes keep anyone from opening credit in your name and are usually good for 7 to 10 years, depending upon the laws in your state. Normally there’s a fee for this procedure but, if you have the police report we just talked about above, then you can get a credit freeze for no charge. Unless you’re regularly applying for credit, there’s no harm in freezing your credit reports. If you’re at the point where the only real debt you have is a mortgage, definitely consider a credit freeze.
If Your Driver’s License Is Stolen
This one doesn’t apply to the IRS situation but, if you ever lose your driver’s license, you’ll want to contact the DMV right away to cancel your old license. That keeps someone from pretending to be you and getting arrested or running up traffic citations which could result in warrants being issued for your arrest. You’ll need to obtain a replacement license and that means dragging along all those primary identification documents you took with you last time you got a new license. Keep copies of everything, including the original police report, with you at all times.
Of course you should also do the usual basic steps of checking your credit reports for accuracy every year and don’t give out your social security unless it’s an employer or financial institution. Your doctor’s office doesn’t need your social security number and, from my days in IT, I can tell you that doctor’s offices were some of the worst offenders when it comes to data security that I ever witnessed in the business.