Taxpayer Identity Protection is of Utmost Importance

combination-safeBy now, you are most likely in the midst of gathering your tax information or have already scheduled a meeting with your tax preparer. Maybe you are an early bird and have filed your taxes. That’s good news, since there have already been cyber attacks at the IRS attempting to use personal data stolen from sources outside of the IRS to generate e-file PINs for stolen Social Security Numbers.  So, if you’ve already filed and will be getting a return and a date from the IRS saying when you should receive it, you’re ahead of the criminals.

It is my opinion that no taxpayer can afford to be cavalier about protecting information that will give sophisticated cyber criminals the ability to steal their identity. Safety is of utmost importance.

IRS Commissioner, John Koskinen is a proponent of taxpayers applying for an Identity Protection Personal Identification Number (IP PIN) to protect their identities when filing their taxes. Originally the IP PIN project was restricted only to those whose identities had already been stolen. However, the program is now open to all taxpayers. He’s even applied for an IP PIN for himself. According to an NBC News article, Koskinen said he would prefer to give taxpayers a different number to use than their Social Security Number for filing their taxes, but said that idea was “easier said than done.” 

According to the IRS, they identified and were able to stop the most recent attack. However, the incident involved a web robot. For those of you who don’t know these web robots are software applications known simply as a bot.  These bots perform tasks that are simple and structurally repetitive at a much higher rate than would be possible for a human alone to perform.

The IRS identified 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an E-file PIN. The IRS continues to closely monitor the web application.  They seem pretty sure as NBC News reports that “No personal taxpayer data was compromised or disclosed by IRS systems.” A spokesman told NBC News that, “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application.  The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.” 

With the growing number of attacks on the IRS, it seems every taxpayer’s identification is in jeopardy. Going online to request information is even risky. Last year, the IRS suffered a data breach in its online Get Transcript application during tax season. It remains in limited use this tax season and can only be used to order tax transcripts by mail. Snail mail may be the safer route but in the digital world we’ve grown accustomed to, most taxpayers are likely to opt for speed despite the risk to their identities.

Regarding the recent activity where criminals tried to figure out how to get a filing PIN, the IRS Commissioner said that, “All of that data and all of those people’s Social Security Numbers that we know have been shared with states and with preparers so they can in fact advise their clients to take appropriate actions.” He also said that all those who had been affected by the E-File PIN attack would be receiving letters from the IRS telling them their identities had been compromised. And, as if the criminals weren’t bold enough Koskinen said some identity thieves have been asking the IRS about why they haven’t received their tax refunds.

The thieves aren’t waiting for snail mail. They’re actively working to get at your money as quickly as they can. Do everything you can to protect your identity.