He has some good advice; claim your account before someone else does.
I am having a really tough time believing she never suspected she was doing something illegal.
Why? People fall for the "I have $20 million for you, I just need a few hundred bucks to do the paperwork" scam all the time.
Our luck ... our data was stolen in the Anthem fiasco and used to submit fraudulent returns. No problem. The IRS contacted us to let us know and asked us to use the verification system to prove we were ourselves.
I cannot wait for the auto notification we were part of this data issue. lol
What I cannot understand about the issue is no one noticed a 50% failure rate in the process.
As part of clearing this up with the IRS, I had to verify my own identity and validate that the return that we (physically) sent was the true and correct return. After a whopping 2+ hours on hold, I ran a grueling gauntlet of rather obscure questions that amount to some flimsy shared secrets I happen to have with the IRS. Once my identity was confirmed, I learned that the thieves had filed a 2014 AGI that exactly matched my 2013 AGI. The IRS representative told me that this was unusual (that is, that they normally they just make numbers up), and it's clearly stupid (my return was flagged and didn't pay out), but it obviously left me concerned that someone had somehow located my 2013 return. With this latest revelation, it's now clear that this could have easily happened via the IRS itself.
Assuming that my experience is indicative of a larger trend, I expect many more similar revelations as the IRS picks up the debris from the 2014 tax season -- and it wouldn't surprise me at all if the true target of the Anthem breach wasn't in fact the IRS: this crime is just too damn easy to pull off and get away with. The bright side of all this: things very clearly have to change, and I wouldn't be at all surprised if the IRS ends up issuing PINs to all e-filers this coming year.
Will there be punitive lawsuits against the IRS as there were for Target and likely will be for Anthem?
Also - I'm confused - I have an e-file PIN. You don't?
1) Prior year AGI
2) Electronic filing PIN
They can also issue a taxpayer a special Identity Protection PIN. If you're issued one of these you MUST use it.
There are two groups of people that don't need to "authenticate" at all:
1) Anyone who didn't file the previous tax year
2) Anyone filing by mail
So having an e-file PIN, or even using an e-file PIN to e-file, does not imply that your tax return can't be e-filed by someone else who only has your previous year's AGI.
Make no mistake: IRS needs to be held responsible for this. It is their fault.
I'd suspect the information needed to access the tax returns was obtained via phishing or a data breach elsewhere like a tax preparation service.
The fault should be with the person/people that stole the tax information, not the IRS.
Blaming the IRS would be like blaming a home owner for not installing a good enough security system when they get robbed instead of the criminals.
If I pay my bank for a safe deposit box, good security is part of what I am paying for. If it can be shown that they were lax/careless/negligent in the event of a theft, then I certainly would lay blame with both the bank and the thief for loss of my assets.
This is even more the case for a government with vast resources.
People need to be held accountable for the security of their systems when they are storing personally identifiable information on customers or the public at large.
Edit: Perhaps they shouldn't be blamed when someone leverages a zero-day to break in, but if this is due to their failure to patch their systems, IMO their 100% liable for everything that follows.
Take for example some large corporations. I.e. if Amazon or Google stores their customer information carelessly, and someone steals it - then Amazon would be victim, and if you say that they should have protected the information, you are blaming the victim because you don't like them?
The American revenue service has even larger resources and also a larger responsibility than even the largest of multinational corporations. They should be held accountable for what they do (like the tax officials in any country).
The budget cuts will continue until security improves!
Do we know if the system was compromised, or if the thieves just had access to the personal information of those taxpayers?
You'd think we'd have a better system by now than a short-ish unique number which never changes during your lifetime as the key for much of your financial / credit-related authorization.
http://securekey.com/press-releases/securekey-technologies-w...
SecureKey IIRC is used by Canada. USPS is in a unique position in that they have a ton of employees literally who can verify mailing addresses by brute force. Every day (except holidays). Rain, Snow or shine.
Having USPS in charge of the US's future "online identity" would be a good way of transforming the ailing agency and giving them a very useful purpose that only USPS can do. There's a lot of win/win potential here.
In the more mundane act of fraudulently bypassing the IRS's trivial security to steal a tax return… thieves got me, probably as a result of Anthem's inadequate security. The thieves didn't even have the courtesy to pay what I owed! I say you file my tax return, you take your chances.
The maddening part, aside from the scramble when the April 14th filing from the tax people failed, is that no one in law enforcement is the slightest bit interested in enforcing the law.
Not to mention save all of us from the headache of things like this.
I liked Adam Gopnik's summation last week:
“What we have, uniquely in America, is a political class, and an entire political party, devoted to the idea that any money spent on public goods is money misplaced, not because the state goods might not be good but because they would distract us from the larger principle that no ultimate good can be found in the state. Ride a fast train to Washington today and you’ll start thinking about national health insurance tomorrow.”
http://www.newyorker.com/news/daily-comment/the-plot-against...
You have to understand individuality and apply it broadly. If you don't, then it's cognitively easier to lump people into groups that you don't have to care about, and can even grow to hate.
The real headline is that the IRS is hackable.
They spun it even better than that. The headline is "thieves stole tax info from 100,000 people" (i.e. not from the IRS, but from the people themselves)
That's not borne out in the slightest by what we know from the article. These people might've been phishing victims - you wouldn't claim a bank is hackable because people entered their bank password on a phishing site.
The number quoted in the article is 104,000.
Obvious questions:
1. Is 104,000 the exact count, or has it been rounded?
2. Did the hackers stop when their success count got there?
3. Does nobody else think it is funny that 1040 is a factor of 104,000? :)
[edited a lot]
(I can't comment on the rest of that rant though)
Lo and behold, there was a data breach of employee and volunteer records. Volunteers had to have background checks, which required the SSN. Thousands of people had their IRS return hijacked due to this breach. I personally know dozens of people who were impacted.
From what I've seen of their information security, I remain completely unsurprised that they had this breach and that to this date they have no idea how it happened.
It just that most people believe that not making their SSN public is enough for it to be safe.
The problem seems to be trying to carve out exemptions for little things here and there.
Just use a decent tax rate, get rid of all that crap, calculate what I owe and send me a bill or send me a check if I over-withheld or something.
Ugh it's so hard building a proper civilization.
Because Intuit, H&R Block, and others like them who have built substantial businesses doing all that empty-work for you have made damn sure that Congress doesn't legislate their meal ticket away.
We wanted to; the tax-preparation lobby killed it.
Per the article, the attackers had to put "the taxpayer’s Social Security number, date of birth, address and tax filing status" into a form to get access.
Alert: The online Get Transcript service is currently unavailable. Transcripts may still be ordered using the Get Transcript by Mail service. We apologize for any inconvenience.
