Even after Target announced a data breach in 2013 which compromised 70 million credit and debit cards, the news has continued to be depressing.
Home Depot, Michael’s, Neiman Marcus, Anthem, Yahoo!, eBay, PF Chang’s, Google, JPMorgan and UPS have all reported some degree of cyber hack since Target’s revelation.
The most recent fissure of security may be the scariest of them all.
The Internal Revenue Service, IRS, reported recently that a group of hackers managed to gain access to personal information of over 100,000 taxpayers. The compromised information included Social Security numbers, salary histories and addresses.
In addition to the data loss, hackers were able to collect tax refunds numbering 15,000 that netted a total them a nest egg of roughly $50 million.
The hackers got into the IRS database through IRS’s own system called “Get Transcript.” Get Transcript is a database that stores taxpayers’ previous tax returns and normally requires a user’s Social Security number, birthday, address and filing status.
The hacking of Get Transcript means that the thieves already had this information and were just waiting to use it. It is impossible know for sure how much data was compromised. The Motley Fool recently reported that experts claim a 3,700% spike in activity at the IRS just in the first five months of 2015.
The Problem Has Been a Long Time Coming
Government monitors have repeatedly warned of possible tax fraud via IRS computer security weaknesses long before the recent disclosures.
Seven federal audits between 2007 and 2014 have outlined the dangers. The dangers included hiring an ex-con, without a background check, and failing to screen other workers who had access to the personal data.
The Treasury Inspector General for Tax Administration (TIGTA) has ranked security for taxpayer data and employees as being the top management challenges every year since 2004.
The IRS agrees with most the audits which have been carried out and promised to make corrections. However, IRS managers claim that Congressional budget cuts have made it difficult to upgrade security safeguards.
While the tax agency believes the recent data loss originated from within Russia, auditors tested security controls on 17 databases and, collectively, the databases failed over 30 percent of the tests.
Despite the IRS — and cloud security companies — claim to protect personal information, there are some steps that need to be taken by all of us to keep personal data out of the grasp of cyber crooks.
Be Careful What You Post on Social Networks
Be cautious with what is said on social media platforms. Once something is posted, it’s there forever. Posting that taxes still haven’t been filed just before April 15 may be the tip-off that hackers need to see that they still have time to use the information to file a fraudulent tax return. While the average victim is 46-years old, younger people are targeted increasingly because of their tendency to talk too much information on social networking sites.
Stay on top of any refunds due. Watching for any expected refunds won’t help prevent fraud, but it will be spotted faster. Using the IRS provided app, “Where’s My Refund?” tracking can begin within 24 hours of filing a return. If something suspicious is spotted, notify the IRS immediately.
File As Soon As Possible
File taxes as early in the year as possible. Cybercrooks are patient and prefer to wait for the IRS to get mired down with returns in April and often take advantage of procrastinating taxpayers. Filing early will help beat the thieves to the punch.
Use Strong Passwords
Creating strong passwords will help protect you online data. Microsoft suggests a password be at least eight characters long and doesn’t contain a complete word. The best passwords to protect financial and personal data should be significantly different from other passwords you use and should contain a mix of upper and lower case letters as well as numbers and symbols. Other tips include using secure password generators and password managers.
Watch the Paperwork
Even though the subject of this article is protecting data online, cyber thieves often start with a paper trail. Receipts, payslips, bank statements, utility bills and driver licenses all reveal a great deal of information about the owner. A combination of documents can be a cyberthief’s dream. Before tossing the bills and statements, use a personal shredder.
Wipe Data From Old Devices and PCs
Do a factory reset when turning in an old phone. A “soft reset” alone won’t remove personal data. When disposing of a computer, physically remove the hard drive.
Use Care When Using Public WiFi
Use caution when logging into IRS (or any sensitive) websites when using public WiFi connections. Public WiFi doesn’t typically have the same protection that a home, or business, computer will have. Logging in to check personal account data, or even to pay a bill, on a public WiFi network, could expose personal data to a hacker.
These tips can’t protect you from every attack but they can reduce your vulnerability somewhat. If nothing else they are better than doing nothing at all.