More than 100,000 taxpayers have had information on past returns stolen by identity thieves in a big breach of the taxpayer privacy that the IRS is supposed to protect, as The Wall Street Journal and The New York Times (and others) reported in late May.
But it’s not entirely the IRS’s fault. In fact, as this followup article explains, the bad guys already had Social Security numbers and other information that they then used to gain access to taxpayer information on the IRS website.
So, what can you do about cyberthieves hacking corporate databases and now the IRS to get at your information and your accounts? This short video from The New York Times has some good suggestions on protecting your data with better, stronger, tougher passwords.
In the wake of the IRS breach, it’s worth repeating something I’ve said many times before: The IRS does not begin contact with taxpayers by email, phone, text message, or social media. Never, ever, ever give any information over the phone to anyone who claims to be from the IRS and wants any information from you, let alone any financial account data.
You can report suspicious online or emailed phishing scams to email@example.com. To report phone, fax or mail phishing scams, call 1-800-366-4484. And to report IRS impersonation scams—that’s when criminals call unsuspecting taxpayers and are able to rattle off the potential victim’s address and Social Security Number to trick them into giving away financial data—you can actually file an IRS Impersonation Scam Report online.