IRS Announces Data Breach; 200K Taxpayers Affected
The IRS announced last week that it was the victim of a data breach and the full files of 100,000 US taxpayers were accessed.
The event occurred between February of this year and sometime in May. The information in a tax file includes social security numbers, addresses, income, date of birth, tax filing status, and perhaps a lot more personal information.
The IRS is offering credit monitoring service to those affected by this. Should you get a letter from the agency stating you were one of them, take advantage of this service. Sign up for it right away. Also, check your credit report to make sure there is nothing suspicious appearing on it. The government-backed website, annualcreditreport.com allows each person with credit in the US to obtain one free credit report from each of the three major agencies each year. Security expert Jim Stickley of Stickley on Security recommends ordering one every 4 months from a different agency to keep better tabs on your credit throughout the year. If something suspicious does appear, contact the reporting organization immediately to get it cleared up.
If you were a victim of identity theft, consider putting a credit freeze on your report. This is a free service. However, it is necessary to contact each of the agencies, Experian, Equifax, and TransUnion individually to do this. It also needs to be renewed at the end of each period. These can be done by someone who has not been the victim of identity theft, but there will be charge. Just remember that a credit freeze prevents anyone from accessing your credit report. So, if you plan to apply for a loan or credit card, you will need to have the freeze temporarily lifted, which can take from 3 to 30 days.
What the bureaus do offer at no charge is a fraud alert. These are in force for 90 days at a time, and have to be manually renewed at the end of that period. This will not freeze your credit, but will alert you if someone tries to access your credit. Only one of the agencies needs to be contacted to do this and it will contact the others on your behalf.
According to the announcement from the IRS, the “criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information” on the tax accounts. Whomever did this acquired enough information from this outside source to bypass the multi-factor authentication that the IRS uses.”
It isn’t completely clear what the “outside source” was or whether any payment or other financial information was accessed. The IRS is performing a criminal investigation and is sending letters to the 200,000 taxpayers targeted. However, the credit monitoring services is only offered to 100,000 victims that it can confirm had information stolen.