Monday, April 18th is Tax Day, aka, National Identity Theft Day. OK, that part’s not true, but as millions of taxpayers go online to file taxes, it may as well be. The majority of taxpaying citizens file online, using services such as the popular TurboTax, H & R Block, and TaxSlayer . Even the IRS now offers its own free online tax filing service, Free File. While online filing provides a convenient and more expedited means to submit tax documentation, it also introduces challenges akin to a massive clearance special on the Dark Web. With all that personally identifiable information (PII) flying around the web, you (almost) can’t blame criminal enterprises. They’re kids in a candy store… They just can’t help themselves.
In all seriousness, identity theft and fraud are real problems that far too many of us have faced in recent years, thanks to the “internet of everything”. Never before have we enjoyed the ability to recon a vacation property via Google Earth, log into our bank account to check our balances or pay bills, “chat” with colleagues over instant message, purchase that miniature horse pet door, or binge watch another season of Homeland – right from that one spot on the couch you haven’t moved from…. for days. And as convenient as all that may be, the very same technology that allows us to avoid human contact for weeks on end, also provides a very attractive vehicle for criminal activity. The same benefits we enjoy while not cyber stalking an ex on Facebook, cyber criminals and hackers enjoy while “breaking into” financial institutions, the Department of Defense, retailers and even the IRS. And this time of year, it’s like Cyber Christmas.
From across the world, or the basement next door, bad actors could be submitting fraudulent tax returns with the information stolen from tax preparing software websites or the IRS itself. The data that can be obtained from tax documents is the cybercrime “holy grail.” Far more valuable than a person’s bank account info, or a credit card stolen from a retailer’s point of sale, tax data exposes so much of one’s personal life, including family members and their PII and employment information. With these golden nuggets, a motivated bad guy can steal an identity by applying for new credit lines and causing a whole mess of liability issues for the unlucky victim to unravel.
While I have never personally endured such an ordeal I have heard from many that it’s so challenging to recover from that the punishment for actually committing a petty crime is a seemingly better outcome. Considering this, I am surprised to still see audits that cite continuing security vulnerabilities in e-filing systems, additional data breaches and even unresolved vulnerabilities in software months after detection.
While there is evidence government agencies are facing decreasing budgets, while cyber criminals continue to become more advanced, responsible parties seem to be outraged at such “lax security”. But t the fact of the matter is – without adequate priorities, funding and oversight, we cannot expect our sensitive information to protect itself.
Right now, as tens of millions of taxpayers transmit their PII over the web, criminals are planning and executing to commit fraud. We know that tax data is highly valuable, and identity theft is debilitating for a victim, yet the ability to verify true identities is still difficult. As the 2015 tax dollars are reconciled, it is my hope that all the “responsible parties” take notice of the risk citizens face with their tax information, and take the necessary steps (priorities, planning, funding, execution and oversight) to ensure the best possible safeguards in protecting it.