Hacked Equifax Hired by IRS

Hackers Were Able to Obtain: Names, Birthdays, Addresses, SS #s, Drivers Licenses & Credit Card #s

Yes you read that right.  The IRS plans to go forward with hiring Equifax to verify and validate taxpayer identities in the wake of their massive systems breach.  If you missed the news (because apparently the IRS did), hackers were able to obtain confidential financial information—including social security numbers—of 145 million users; which now equates to the largest US data breach in history.

Outraged by the IRS’s decision to hire Equifax, some members of Congress spoke out including Senate Finance Chairman Orrin Hatch (R-Utah). He recently told Politico:

 “In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed.”

The IRS continues to defends it’s choice, stating that the service Equifax was hired for will not put U.S. taxpayers personal information at risk.  They will, however, keep a watchful eye on their new hire.

If you have been affect and/or would like to find out if your were affected by Equifax’s breach you can do so by clicking here.  However, we advise caution before using services to ascertain Equifax exposure.  According to the terms and conditions, users that access Equifax’s systems to determine if their information was compromised are voluntarily giving up their rights to sue and/or join class action lawsuits against Equifax.

If you would like more information about this breach or would like to to speak to an R&G Brenner professional, contact us toll free at (888) APRIL-15 or via web by clicking here.


Taxpayers: Protect Yourself From Identity Theft

Protect yourself from Identity Theft

Identity theft has become a huge problem for the IRS.  Last year alone, there were nearly 650,000 cases of Identity Theft reported to the IRS.  Some believe the skyrocketing amount of cases are a direct result that the IRS now requires all tax returns to be filed electronically.  The IRS has implemented “digital safeguards” this year to intercept returns which they deem have a high probability of identity theft, and have deployed a task force of 3,000 agents who’s job it is to investigate Identity Theft.  Unfortunately, many taxpayers who are legitimate “early filers” are bound to get caught up in the web of “digital safeguards” and have their much-needed refunds delayed. And while the Task Force the IRS has deployed to investigate cases is good, it’s effectiveness is limited to after identities are already stolen are returns are filed fraudulently; no real relief to the victims. While this influx of electronic data has clearly exposed the IRS safeguards of personal & private electronic data to be lacking, the are certain steps that the taxpayer can take to help secure their sensitive information:

  1. Avoid sending or receiving W2’s, 1099’s or any other personal tax documentation to or from anyone by e-mail.  Encryption offers some defense, but there are still safer ways to communicate your tax data.  REMEMBER: A single W2 or 1099 contains your name, address, social security number/EIN; all the info that any would be thief needs to file a fraudulent return.  An email server can be anywhere in the world and could be susceptible to attack.  Furthermore, the email accounts of the sender and receiver are susceptible to hackers as well especially since it has been shown that password security for the average user is sorely lacking.  The best alternatives are to a) send everything by mail or b) fax your documentation (however many fax services are increasingly turning to “E-Fax” technology whereby faxes are converted to emails…thats why option a) is still the most secure.)
  2. Do not carry your social security card with you, or supply your SS# to anyone over the phone/internet without confirming who they are and why they need it.  This appears to be a “no brainer”, but many taxpayers carry their Social Security numbers in their wallets/bags along with their driver’s licenses and IDs. Again, a lost wallet gives everything a thief needs to steal identities. Beware of online & phone scams as well asking for your SS#’s.  The IRS will NEVER request sensitive private information over the web/phone unsolicited.
  3. Maintain physical safe-guards to protect your private data.  This is as simple as a locking file drawer or cabinet.
  4. Maintain digital safe-guards.  Sometimes it is impossible to keep all your private information only in paper format.  If you keep data on your computer it is important to have in place: a) strong passwords which are changed frequently b) a firewall; never plug a wire directly into your computer from a your broadband modem c) anti-virus software.
  5. Verify your credit report.  This should be done once every 12-18 months.  Anything out of the ordinary like a steep drop in your rating is a good indicator that your identity may have been compromised.
  6. Optional: Obtain Identity Theft Protection.  If you have ever been a victim of identity theft, buying protection is recommended; who knows who still has your information out there?  If you relay or store a lot of personal data via the web, protection may be a good idea as well.  There are many affordable services that would be well worth the cost if you become a victim of Identity Theft just once.

While there is no “magic bullet” to prevent Identity Theft entirely, following the general rules above will limit your exposure. If you’d like more information on how to safeguard yourself and your family from Identity Theft–or have any tax related inquiries–feel free to contact and R&G Brenner professional here, or call us toll free (888) APRIL-15.

IRS Lacks Adequate Data Protections

IRS' Network At Risk

The IRS has failed to implement key components of its information security program, potentially putting at risk sensitive agency and taxpayer data, according to the federal government’s top watchdog.

A report from the Government Accountability Office released Friday concludes that IRS computer systems used to process financial and taxpayer data are subject to “control weaknesses” that could “jeopardize the confidentiality, integrity and availability of the financial and sensitive taxpayer information processed by IRS’s systems.”

Specifically, the GAO noted that the IRS has not consistently put security controls in place to monitor actions on its computer systems, identify and authenticate users and ensure that sensitive data is encrypted while in transit. The report also said that outdated and unsupported software continues to expose the IRS to “known vulnerabilities and shortcomings in performing system backup place the availability of data at risk.”

“Considered collectively, these deficiencies … along with a lack of fully effective compensating and mitigating controls, impair IRS’s ability to ensure that its financial and taxpayer information is secure from internal threats,” the report said.

The IRS uses computerized systems to support the processing, storage and transmission of critical financial and taxpayer information. To manage that information, the IRS maintains enterprise data centers in Michigan, West Virginia and Tennessee.

Federal watchdogs conducted audits at all three locations. They also reviewed key IRS security policies and interviewed agency officials during fiscal years 2011 and 2010.

The GAO noted that the IRS has established a framework for a comprehensive information security program, and has even made strides in addressing security deficiencies. That includes the creation of working groups to “identify and remediate specific at-risk control areas.” However, the report notes that the IRS has still hasn’t fully implemented the program.

The GAO recommended that the IRS take six specific actions to help put the security program in place, including improvements to the agency’s continuous monitoring process. The GAO also said it is recommending an additional 23 steps in a separate report to” correct newly identified control weaknesses.”

The IRS, in a response to the GAO report, agreed to develop a detailed corrective action plan to address each recommendation.