The Internal Revenue Service (IRS) released on Tuesday, May 26, 2015, news of a major data breach, estimated to have affected 100,000 U.S. households’ tax returns. The data was wrongfully obtained from an IRS application known as “Get Transcript,” which allows taxpayers to access their prior tax returns. This data includes Social Security numbers, dates of birth and street address of individuals who have filed tax returns. The hackers used the data to produce a fake 2014 tax return, and then requested that the IRS send a tax refund to a hard-to-trace debit card.
Although only a small percentage of American households have been affected, the impact is significant. The IRS stated that since the hackers were already in possession of personal information belonging to the affected taxpayers, the hackers were able to clear the multi-layer authentication process, which asks the applicant a series of personal questions with the expectation that only the taxpayer could provide correct details.
Where might a hacker easily access a taxpayer’s personal information? How about social networks such as Facebook, Instagram or LinkedIn? Social networks often encourage members to complete their public profile by answering questions such as:
(1) Who was your high school mascot?
(2) What city were you born in?
(3) What is your favorite sports team?
The social networks presumably want to connect similar individuals–perhaps old friends or schoolmates. On the other hand, hackers can access this personal information as well, especially if your profile is public. Even if your profile is set to a private security setting, hackers may be able to find a way to access this information. It’s best to assume that any information shared on a social media network can be viewed by anyone, and potentially used by them for other purposes.
Look for the Obama administration to increase the IRS budget in 2016 in an effort to enhance its data security infrastructure to protect taxpayer data. We expect further developments in the coming weeks and will keep you updated on any progress.