On TLS we read a lot about burglaries that have NFE (no forced entry). We make it easy for the thieves by leaving our cars and windows and doors unlocked, strollers and bikes outside, etc. Well not only is that true in our “physical environment” but it’s perhaps even truer on our computers. Here’s what I found out:
Using a simple Google search I have been able to access almost 100 tax forms with Social Security numbers, names, addresses, tax IDs, and phone numbers and in several cases credit card information, online. That’s right.
I didn’t have to rely on leaks of email addresses and passwords available from hackers breaking into systems (like the Epsilon leak I reported on in recent TLS articles). These tax forms are freely available to anyone. Who’s responsible? The actual owners of the information!
You read that right! And it even gets worse:
These documents have already been, or will soon be, submitted to the State and Federal government tax agencies, tax service providers and third parties, such as banks, credit unions, etc. They have names, addresses, income, phone numbers, credit card numbers (which would be saved for those who have e-filed), and of course the pot of gold for identity theft, Social Security numbers. Keep in mind that not only individuals are vulnerable to having their identity stolen, but so are their children and any other dependents that are used for tax credits. How is that possible?
Since you are required to submit your children’s names and Social Security numbers the identity thief has a bonanza. In all likelihood your kids will not even know about the theft for several years. Way after the their credit has been abused over and over again and the thief has long disappeared of the face of the earth. The consequences are mind boggling. And it’s our own fault!
That’s “our” in singular and plural. As in joint tax returns. Your Social Security number is available for anyone to grab online because your spouse saved your tax records on the family or business site. Or your nephew, the accountant‘s, “gorgeous new website”. It happens. More than you would imagine. Would you like to tell your children that their credit is basically trashed because of careless actions taken with personal information?
Of the documents I could freely see on line, whole families are at risk for identity theft. Maybe it already happened since some of these forms have been on the web a while already. Anyone can tell by the date shown for when the file was uploaded.
Most of the sites were personal, family, and business sites. But you better sit down for this: many of the sites were educational sites like public and private schools, colleges and universities. Lends new meaning to the phrase “social networking”.
This type of behavior will only continue to go on as more and more people save files or use the e-mail on their company’s, school‘s and even your accountant’s servers which they think are somehow disconnected from the rest of the Internet. Be careful of where you save your stuff. That includes your G-Mail, Yahoo, Koshernet, etc, e-mail accounts.
DO NOT STORE YOUR PRIVATE INFORMATION ON YOUR WORK OR SCHOOL COMPUTER OR ONLINE PERIOD!
BTW. If you do find you have been compromised, make sure you get rid of all those MP3s before you call the FBI! Never mind, they’ll find them anyway.