On TLS we read a lot about burglaries that have NFE (no forced entry). We make it easy for the thieves by leaving our cars and windows and doors unlocked, strollers and bikes outside, etc. Well not only is that true in our “physical environment” but it’s perhaps even truer on our computers. Here’s what I found out:
Using a simple Google search I have been able to access almost 100 tax forms with Social Security numbers, names, addresses, tax IDs, and phone numbers and in several cases credit card information, online. That’s right.
I didn’t have to rely on leaks of email addresses and passwords available from hackers breaking into systems (like the Epsilon leak I reported on in recent TLS articles). These tax forms are freely available to anyone. Who’s responsible? The actual owners of the information!
You read that right! And it even gets worse:
These documents have already been, or will soon be, submitted to the State and Federal government tax agencies, tax service providers and third parties, such as banks, credit unions, etc. They have names, addresses, income, phone numbers, credit card numbers (which would be saved for those who have e-filed), and of course the pot of gold for identity theft, Social Security numbers. Keep in mind that not only individuals are vulnerable to having their identity stolen, but so are their children and any other dependents that are used for tax credits. How is that possible?
Since you are required to submit your children’s names and Social Security numbers the identity thief has a bonanza. In all likelihood your kids will not even know about the theft for several years. Way after the their credit has been abused over and over again and the thief has long disappeared of the face of the earth. The consequences are mind boggling. And it’s our own fault!
That’s “our” in singular and plural. As in joint tax returns. Your Social Security number is available for anyone to grab online because your spouse saved your tax records on the family or business site. Or your nephew, the accountant‘s, “gorgeous new website”. It happens. More than you would imagine. Would you like to tell your children that their credit is basically trashed because of careless actions taken with personal information?
Of the documents I could freely see on line, whole families are at risk for identity theft. Maybe it already happened since some of these forms have been on the web a while already. Anyone can tell by the date shown for when the file was uploaded.
Most of the sites were personal, family, and business sites. But you better sit down for this: many of the sites were educational sites like public and private schools, colleges and universities. Lends new meaning to the phrase “social networking”.
This type of behavior will only continue to go on as more and more people save files or use the e-mail on their company’s, school‘s and even your accountant’s servers which they think are somehow disconnected from the rest of the Internet. Be careful of where you save your stuff. That includes your G-Mail, Yahoo, Koshernet, etc, e-mail accounts.
DO NOT STORE YOUR PRIVATE INFORMATION ON YOUR WORK OR SCHOOL COMPUTER OR ONLINE PERIOD!
BTW. If you do find you have been compromised, make sure you get rid of all those MP3s before you call the FBI! Never mind, they’ll find them anyway.
Best Regards,
Ron Benvenisti
I’m really not getting you this time,Ron.
Who saves tax forms on websites?? Mine is on my accountants software just as the hundreds of others. Accountants need to see your return from one year to the next. Is that unsafe?
Some people(s) information is sometimes stored somewhere where somebody can see them an in some cases misuse some of the information??? Where? when? how? Where is possibly MY information stored? How can i know if it is/’nt etc.????
To #1. Good points! I was surprised (as you are) that tax forms are saved on personal websites. Sometimes people back up their files on the free site they get with their ISP plan or use the space as another drive.
Search engines will find Word Docs, Adobe PDFs, and index them just like they do HTML or XML (web files). Tax forms filed through internet Tax providers (like TaxBrain) let you download the files as PDF files to save. Fax programs like e-Fax send faxes as PDF files which are extracted on work or school computers. You can access internet faxes from any computer.
Sometimes home computers have website capability running on them as default services and all machines have the web access port (TCP/IP Port 80) open by default. Files might be saved where they can be indexed by search engines.
I know it’s a lot of tech-talk but people do have to be careful with their documents because of the many scenarios which can put them at risk of identity theft.
More than likely your accountant does not e-file your return (although he or she can). If your accountant is IT savvy, beyond just using a tax prep software application, even without having a website, documents stored on accounting firm servers that do not have strong access rules, a firewall or secure firewall settings can be captured by others and then stored on another website. Typically year to year info for returns is not stored as an actual tax form, only as data in the tax prep software which is hopefully protected with a strong password. Sometimes if the return is e-filed or soft copies are sent to you as PDFs (for example) there is more risk if your accountant’s or your storage is not protected: such as your firewall software is turned off, is out of date, or you don’t have one; you have spyware or malware or various types of viruses like worms and trojans that target personal information.
Information security is much like a cat and mouse game where we are always trying to stay one step ahead of the crooks. We need to be diligent about having security protection on our machines and network servers like firewalls, anti-virus and anti-spyware programs and keep them up to date so as not to make it easy for them. We should never email sensitive documents without some type of encryption and passkey protection (that discussion is important but too long to get into now).
We can mitigate our risks and stay safe as long as we take the initiative and follow the precautions set forth above with regards to the particular scenarios of document storage I’m referring to.
‘More than likely your accountant does not e-file your return’
according to the irs, 70% of returns were efiled in 2010
if you dont trust a company like Google with your social security #, so why do you trust your phone company, insurance, bank, utility etc. with all your personal info? if you are paranoid about someone stealing your identity, maybe you should get yourself identity protection for a couple of dollars a month, instead of worrying over every email, and going through the hassle of encrypting your information.
To #3. Your statistics are absolutely on board, however out of those 70% most are not using accountants and are filing the EZ-File short forms. But you will be correct for this year going forward because as of January 2011 the IRS is requiring accountants who file more than 100 individual returns a year and trust returns to e-file.
To#4: Google will never ask you for your SSN. LifeLock is a good choice, but remember that is basically an insurance company. Most of their clientele will not become victims from identity theft, so the one’s that do are paid for by the one’s that don’t, Nothing is foolproof, but LifeLock is a good value for some peace of mind. They can get you back on track and clear up credit issues saving you a lot of drudge work, frustration and anxiety. LifeLock will not protect your email, just your SSN, credit and bank cards. But trust me, one day LifeLock too will likely be compromised from an inside job, disgruntled employee or a hack. Most breaches are never reported.
Sorry I can’t make heads or tails out of anything your saying.
To #7. Don’t worry, T, you’re not alone, this stuff can be pretty esoteric for those that are new to it. If you really want to go batty, read the IRS tax form instructions. Thanks for your feedback, I’ll try my best to make this stuff more understandable to the laymen. Happy Holidays.