This tax season, the Internal Revenue Service (IRS) has been working closely with big tax preparation vendors and chains to improve the security this year and safeguard against widespread identity theft. The IRS is now requiring stricter password standards, a new timed lockout feature and limited unsuccessful log-in attempts, along with three security questions. The IRS is also requiring that vendors and chains use “out-of-band verification” for email addresses which include sending an email or a text to the customer with a PIN that they have to enter to process their taxes.
These additional precautions come after a disastrous tax year in 2014 not only for the IRS, but for private tax vendors and chains. Now, this week, around 9,000 accounts were frozen by TaxAct, a Illinois tax information software vendor, when they discovered that its accounts were accessed by hackers. TaxAct said, “The attacker did not gain access to income tax returns for the vast majority of suspended accounts.” However, TaxAct did sent 450 breach notification letters to its customers informing them of the breach that occurred between November 10, 2015, and December 4, 2015, allowing unauthorized access to their names and Social Security numbers. TaxAct is also offering credit-monitoring services. While this is certainly not a breach affecting a large number of people, it serves as a warning to taxpayers (and vendors alike) that we need to use top-shelf security safeguards to protect our Social Security numbers.