Another day…another data breach. Unfortunately, this one involved the IRS. Yes, it is estimated that 100,000 tax payers had their tax returns with all of their personal information stolen from the IRS database. However, this was not your ordinary security breach. This was a sophisticated crime.
Hackers ALREADY had personal information before breaking into the IRS data system. They used personal information obtained in other security breaches to pass the authentication process and obtain prior year tax returns. According to the IRS, there were 200,000 attempts between February and May of this year. Roughly 100,000 were successful and 100,000 were not successful.
Information from those tax returns was used to file fraudulent returns. The agency sent nearly $50 million in refunds before it detected the scheme.
So, how do you know if you were involved in the cyber-crime?
The IRS is in the process of notifying those whose information was compromised. They will also notify the other 100,000 whose information was not successfully compromised.
ALL of those notified by the IRS need to take precaution. Whether the hackers were successful or not is not the point. The point is that the hackers had personal information sensitive enough to use the authentication process in order to steal the returns. This is the kind of information that a criminal can use to commit an identity theft. The mere fact that a hacker tried to use personal information would suggest that they intend to use information for identity theft purposes.
The IRS has said that they would provide credit monitoring. However, it is not clear if they are going to be providing credit monitoring to all three credit reporting agencies.
BOTTOM LINE: No one should be without round the clock credit monitoring. The stakes are too high and the security breaches too many. Credit monitoring is the first line of defense against identity theft.