Knowledge and Insights

IRS ‘Get Transcript’ Hack Shows Increased Need for Cyber Caution

Puzzle Piece

The IRS announced on June 2 that from February to mid-May, criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through the IRS’ “Get Transcript” application including Social Security information, date of birth, and street address. The third parties gained sufficient information from an outside source before trying to access the IRS site, allowing them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer.

Now under review by the Treasury Inspector General for Tax Administration as well as the IRS’ Criminal Investigation unit, the “Get Transcript” online application has been shut down temporarily. The IRS will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed. In total, the IRS has identified 200,000 total attempts to access data and will be notifying all of these taxpayers about the incident.

Cyber-attacks and breaches of major corporations and governmental entities are commonplace in the age of the internet. Each week seems to bring a new revelation of a major information breach, but there are a few things you can do to help protect yourself from these threats.

  • Use unique passwords for every website. While this can be a little more time consuming to remember, using unique passwords will prevent someone from breaking into all of your accounts if one password is compromised. There are numerous free password generators that can help create and store passwords to make keeping all these new passwords easier. If you’re not at your own personal computer, make sure to log out and close the browser when you’re finished with your session.
  • Make sure to use secure sites when divulging personal information. Look for URLs beginning with https:// (the “s” stands for “secure”). Most sites focus on how the information is presented to the user, but don’t care how the information gets from point A to point B. Secure sites take the data you’re sending, encrypt it, and send it though a specific channel that is more secure than an unsecured site. Next time you’re on Facebook, take note of the URL and notice that the data you’re sending is encrypted.
  • Don’t get phished. Requests for personal information including usernames, passwords, Social Security numbers, credit card numbers, and bank account numbers should be a major red flag if you’re not the one initiating the transaction. Websites are created that look like a site you intended to visit, but are actually a fake company disguised to solicit your personal information. If you’re unsure of a site’s legitimacy, call the actual company, explain the situation, and determine if the site you’re visiting is legitimate.
  • Don’t tell people all your personal information on social media. Don’t get me wrong, I use social media all the time, but I’m cautious about what information I share. Sure, everyone needs to know what I had for breakfast or how far I rode my bicycle today, but don’t send an update from your bank because it lets everyone know who you bank with and make you an easier target for identity theft.
  • Secure your network. An unsecured network makes it easy for someone to view the information you’re transmitting online including usernames and passwords and can even provide them direct access to your computer. It’s very easy to set up a password on your wireless network and it needs to be done.
  • Use anti-virus and anti-malware software. There are all kinds of sneaky ways to get into your computer system. Reduce the likelihood of a breach by installing, and regularly updating, both anti-malware and anti-virus software. There are many providers out there; do your research and choose one you’re comfortable with.
  • Keep track of your credit profile. Some people don’t realize their identity has been stolen until it’s too late. Your credit profile is a great way to learn about inquiries or new lines of credit and the sooner you catch it, the better. Information is powerful; the more you know, the safer you’ll be.

Every day there is a new way of prying into computers and networks and approximately 10 million Americans have their identities stolen each year. Do your best to stay ahead of the identity thieves by securing your information and keeping good online habits.