IRS Data Breach Demonstrates the Risk of Trying to Help Taxpayers
NEWS ANALYSIS: The Internal Revenue Service learns the dangers of using the Internet to try to make things a bit easier for taxpayers.Once you get that new PIN, keep track of it, but not in the same place as your other personal data. You'll need it at tax time, and if you work with a tax preparer, they'll need it too. Regardless of whether this potential scam hits your personal or business taxes, it pays to be prepared. The IRS has a whole section on their Website just for helping people deal with identity theft. In addition, there's a one-page summary for individual taxpayers, and there's another page for protecting businesses against identity theft. The IRS provides help in the event that a data breach that potentially involves tax-related records hits your employer or your own business. Even if you or your business aren't notified that your information was taken in the latest data breach there are still steps you can take even if you only think your information might not be secure. One of the most important is an affidavit you can fill out to request one of those security PINs that the agency is giving out to people it knows have been breached. By now you've probably noticed that I haven't excoriated the IRS for shoddy security practices, lax management of personal information or even carelessness. There are a couple of reasons for this. The first is that considering the trove of personal data the agency holds, the fact that the scammers only reached a tiny percent means that the IRS must be doing a lot right.
Considering that the hackers, even when armed with detailed information from tax accounts, could only manage to get tax return information from fewer than half, says that the verification security the IRS is using must be working pretty well.