The Internal Revenue Service (IRS) released on Tuesday, May 26,  2015, news of a major data breach, estimated to have affected 100,000 U.S. households’ tax returns. The data was wrongfully obtained from an IRS application known as “Get Transcript,” which allows taxpayers to access their prior tax returns. This data includes Social Security numbers, dates of birth and street address of individuals who have filed tax returns. The hackers used the data to produce a fake 2014 tax return, and then requested that the IRS send a tax refund to a hard-to-trace debit card.

Although only a small percentage of American households have been affected, the impact is significant. The IRS stated that since the hackers were already in possession of personal information belonging to the affected taxpayers, the hackers were able to clear the multi-layer authentication process, which asks the applicant a series of personal questions with the expectation that only the taxpayer could provide correct details.

Where might a hacker easily access a taxpayer’s personal information? How about social networks such as Facebook, Instagram or LinkedIn? Social networks often encourage members to complete their public profile by answering questions such as:

(1) Who was your high school mascot?

(2) What city were you born in?

(3) What is your favorite sports team?

The social networks presumably want to connect similar individuals–perhaps old friends or schoolmates. On the other hand, hackers can access this personal information as well, especially if your profile is public. Even if your profile is set to a private security setting, hackers may be able to find a way to access this information. It’s best to assume that any information shared on a social media network can be viewed by anyone, and potentially used by them for other purposes.

Look for the Obama administration to increase the IRS budget in 2016 in an effort to enhance its data security infrastructure to protect taxpayer data. We expect further developments in the coming weeks and will keep you updated on any progress.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jim Merrifield Jim Merrifield

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes…

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes, including law firms and Fortune 500 companies, develop and implement practical information governance strategies, policies, and best practices. Jim is a well-respected expert in the information governance industry. With an extensive background in policy development and enforcement, enterprise program deployment, and technology solutions, he has earned a strong reputation as a knowledgeable practitioner and reliable consultant. His deep understanding of the space is reflected by his many publications, lectures, and consulting services for top-tier companies and law firms. Jim holds a bachelor degree in Legal Studies from Quinnipiac University and is a certified information governance professional (IGP).

Jim’s innovative thinking and commitment for the industry has enabled him to create the popular podcast, InfoGov Hot Seat, a platform for candid conversations featuring practitioners, consultants and solution providers – offering valuable perspectives to listeners about legal technology and managing information as an asset.

Read more about Jim Merrifield
Show more Show less
Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Read more about Linn Foster Freedman
Show more Show less
Related Posts
Precious-Metal Refiner Hit with Data Breach Class Action over 2023 Cyber-Attack
November 7, 2024
Columbus, Ohio Notifies 500,000 of Data Breach from Ransomware Attack
November 7, 2024
Tracfone Settles FCC Investigation for $16 Million
July 25, 2024