Tag Archive: identity theft


Equifax Massive Data Breach

 

 

 

equifax.jpgA huge security breach at credit reporting company Equifax has exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans.  Others in the U.K. and Canada were also impacted, but Equifax hasn’t said how many. The data breach is considered one of the worst ever because of its reach and by the sensitivity of information exposed to the public.

The hackers have accessed sensitive information — including names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses. Credit card numbers for about 209,000 U.S. customers were compromised, in addition to “personal identifying information” on about 182,000 U.S. customers.

Equifax (EFX) is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders.   The data breach is among the worst ever because of the amount of people affected and the sensitive type of information exposed.  The company said it found no evidence that consumers in other countries were affected beyond the U.S., U.K. and Canada.

Equifax said the breach happened between mid-May and July 2017.  They discovered the hack on July 29th and promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities.

They reported the breach to the public on September 7th.  They said hackers exploited a U.S. website application vulnerability to gain access to certain files and they are investigating the breach.  New York Attorney General Eric Schneiderman has also launched a formal investigation into the hack.  Consumer Financial Protection Bureau is looking into the breach as well.

Equifax said it will send notices in the mail to people whose credit card numbers or dispute records were breached.   They have also established a dedicated website, www.equifaxsecurity2017.com  to help consumers find out if they have been impacted.  To find out if you are potentially impacted, you can go the website-click on “Potential Impact,” and enter your last name and last 6 digits of your Social Security number.

The company is also offering a program called TrustedID Premier. It says that includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year.  You must complete the enrollment process by November 21, 2017.  Consumers should be aware that buried in the terms of service of this program, is language that bars those that enroll in the Equifax checker program from participating in any class action lawsuits that may arise from the incident.

The best defense against identity theft and credit fraud is to monitor your credit report frequently to check for any suspicious activity, such as accounts you didn’t open, address changes, or anything else that you don’t recognize.

Advertisements

You may think it will never happen to you but identity theft continues to be on the rise according to a report by the Federal Trade Commission (FTC).     The FTC report cites identity theft as the No. 1 consumer complaint, putting it at the top of the list for the 15th consecutive year.

Of 2.6 million complaints made to the commission, state and federal law enforcement agencies, national consumer protection organizations and nongovernmental organizations, 13 percent were about identity theft, with debt collection and impostor scams accounting for 11 percent each.

Credit card fraud has become a more common form of identity theft, increasing from 14 percent of all complaints in 2012 to 17 percent in 2014. This relatively frequent fraud involving wage, tax and credit card records is likely why the FTC says Americans older than 20 and younger than 60 are most at risk of being impersonated by a scammer, since they are more likely to be steadily employed and to use credit accounts.

Multiple companies including the IRS have become victim to hacking, leaving millions of people at risk for identity theft. According to IBM, more than one billion records containing personally identifiable information were leaked in 2014 alone. An identity thief only needs a few data points like the kind found in many data breaches to tap into your financial life.

Identity thieves have been hard at work for some time and go to great lengths to find viable victims. Science Magazine reported that “anonymized meta data sets” that contain product purchase information are matched with the people who made the purchases by looking at Instagram posts and tweets that matched the purchases. That’s right, they are using your social media posts to wreak havoc on your financial identity.

Statistics show that tax-related identity theft is a lucrative crime. In the 2015, Intuit, the company behind TurboTax, had to shut down e-filing in several states after the company noticed an uptick in what appeared to be fraudulent tax returns. The IRS stopped 19 million suspicious tax returns last year, and stopped more than $63 billion in fraudulent refunds. A whopping $5.8 billion in tax refunds were paid out to fraudsters. In 2012, the Treasury Inspector General for Tax Administration projected that fraudsters would net $26 billion into 2017.

Protecting your identity is important now more than ever and monitoring your credit is one of the only

The IRS reported a data breach on its systems in May 2015 and said the hackers successfully compromised the data of 114,000 taxpayers and attempted to compromise the data of 111,000 more. But after “an extensive review,” the IRS concluded that an additional 220,000 taxpayers were directly affected and 170,000 more were at risk. This new revelation brings the totals of those compromised to roughly 334,000 people affected and 281,000 at risk.

The breach occurred in a system that stored data from old tax returns called Get Transcript. The agency said in a statement, “The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for ‘Get Transcript’, including by enhancing taxpayer-identity authentication protocols.” The breach did not affect any IRS data outside the “Get Transcript” application.

After the breach, the taxpayers whose data was compromised received notifications. The IRS’s outreach efforts included free credit protection for people involved in the breach and the agency is also offering an additional layer of authentication in the form of Identity Protection PINs. The IP Pins program has been developing over the last few years as the IRS was dealing with a significant uptick in tax fraud for refunds.

Once a year in the lead-up to tax season, the IRS sends a six-digit IP PIN to taxpayers who are dealing with identity theft or may be at risk for it. Along with a social security number or taxpayer ID number, forms have a field for adding an IP PIN, which is required for people who have been issued one. The advantage is that a crook who has your SSN probably doesn’t also have your IP PIN, and the number resets every year so it’s harder to track down. The IRS does allow people to look up their IP PINs online, though, so if that system were compromised, the measure would obviously be less effective. But given government agencies’ overall lack of movement on finding replacements for social security numbers, the IP PIN program seems productive.

In addition to names, addresses and Social Security numbers, the attackers would have needed personal information such as a person’s first car or high school mascot. Identity thieves could easily get the answers to these questions from individuals’ social media accounts and compile them into searchable databases.

When a thief files a false return and beats you to filing, the IRS flags your legit return and processes it manually, meaning your refund could be delayed for months. The IRS will always pay you your refund, regardless of whether it already paid it out to a fraudster. But beating you to your return is only one issue faced when your information falls into the hands of an identity thief. The IRS says a typical case of ID theft can take 180 days to resolve but can be a recurring problem year after year. This latest revelation of a much larger data breach will likely send many to check their credit reports especially since identity thieves have had such a large head start.