Spade Technology: Blog

IRS ISSUES WARNING: American Tax Refunds Face Theft Due to Equifax Hacking Scandal

Equifax has been all over the news lately. Earlier this year, news of the massive hacking of the credit reporting agency has left the company scrambling to try and make sure client data is secured. However, the IRS has issued a recent warning to consumers that tax refund dollars face an increased chance of being stolen thanks to the recent Equifax breach.

IRS Equifax

The Equifax hack revealed the Social Security Numbers of approximately 143 million Americans, which, according to the IRS, makes them extremely vulnerable to being the victims of tax fraud in the upcoming tax season. This could result in Americans not getting their tax return check at all, with the average return amount cited as roughly $3120. Without a doubt, the cost of the hack will be astronomical.

What’s the Next Step? Beefing Up IRS Security to Reduce Chances of Tax Fraud

Tom Schatz, President of Citizens Against Government Waste recently wrote to the Treasury about the issue. He stressed the fact that the Equifax hacking scandal leaves millions of American’s hard earned dollars up for grabs. Additionally, he urged the IRS to strengthen their lines of defense to prevent fraud proactively.

“During the 2017 tax season, these individuals will be at an increased risk of having their tax returns stolen,” writes Schatz. “And the IRS’s outdated legacy IT systems will only heighten the threat.”

Citizens Against Government Waste is dedicated to driving technological innovation and heightened security within government institutions. The group is a key driver in urging administrations to stop wasting government dollars on outdated IT systems that do not adequately protect client data.

Schatz went on to cite that IRS technology spending needs a complete overhaul, noting that the current system missed 54,175 fraudulent returns totaling in a staggering $313 million American taxpayer dollars.

IRS Stirs the Pot: Announces Multi-Million Dollar Security Contract with Equifax

In early October, amidst warnings of tax fraud and calls for higher security, the IRS made a bold move. The agency announced a $7.25 million contract with Equifax for the sharing of personal information. That’s right, the US International Revenue Service struck a multi-million-dollar personal information sharing deal with the company at the center of the biggest breach of personal data in recent history.

In the contract, the IRS states that Equifax was the only company capable of providing what it deemed a “critical” service. The sharing of personal information between Equifax and the IRS would apparently help verify tax-payer identities to prevent fraud. The critical service contract apparently couldn’t wait and had to implement immediately, despite security concerns.

Government representatives from across the floor we’re quick to condemn the proposed contract.

“In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed,” said Senate Finance Chairman Orrin Hatch in a statement to POLITICO.

“The Finance Committee will be looking into why Equifax was the only company to apply for and be rewarded with this contract,” added Senator Ron Wyden. “I will continue to take every measure possible to prevent taxpayer data from being compromised as this arrangement moves forward.”

IRS Suspends Contract: Newest Equifax Breach Leaves IRS Backpedaling

As you might guess, it didn’t take long for the IRS to change their tune. Mere weeks after announcing this multi-million-dollar info-sharing contract with Equifax, the IRS had second thoughts. While the initial massive security breach might not have shaken their confidence, a second breach of the Equifax website in mid-October left the IRS with no choice but to can the contract.

After noticing that a third-party vendor was running malicious code on their webpage, Equifax quickly shut down the site. This most recent attack involved bogus pop-up windows on the Equifax web page that could trick visitors into installing software that automatically displays advertising material. Following this security concern, it didn’t take long for the IRS to put a hold on their plans to strike the $7.25 million deal with the credit reporting agency.

“The IRS notified us that they have issued a stop-work order under our Transaction Support for Identity Management contract,” an Equifax spokesperson said on Friday.

“We remain confident that we are the best party to perform the services required in this contract and we are engaging IRS officials to review the facts and clarify available options.”

The IRS was quick to explain the suspension as well:

“During this suspension, the IRS will continue its review of Equifax systems and security,” said a spokesperson for the IRS. “There was no indication that any of the IRS data shared with Equifax under the contract had been compromised.”

The contract suspension means that the IRS will temporarily be unable to create new accounts for taxpayers using its Secure Access portal, which supports applications including online accounts and transcripts. According to the IRS, users who already had Secure Access accounts established will not be affected.

What Now? Critics Rejoice and Prepare for Further Investigation

Critics of the $7.25 million contract with Equifax we’re pleased to learn that the IRS had finally decided to put the kibosh on the project.

“From its initial announcement, the timing and nature of this IRS-Equifax contract raised some serious red flags,” said Republican Representatives Greg Walden and Robert Latta in a joint statement. “We are pleased to see the IRS suspend its contract with Equifax. Our focus now remains on protecting consumers and getting answers for the millions of Americans impacted by the original and massive breach.”

For Equifax however, no celebration is in order. Government contracts in areas such as healthcare, law enforcement, social services, and tax and revenue, are major sources of revenue for Equifax. In fact, in 2016, government services made up 5 percent of Equifax’s overall $3.1 billion in revenue, accounting for 10 percent of its workforce solutions revenues, 3 percent of its U.S. information solutions revenues, and 7 percent of its international revenues, according to a regulatory financial filing.

Even worse? The Justice Department has opened a criminal investigation into three Equifax executives who sold almost $1.8 million of their company stock before the original breach was publicly disclosed, according to Bloomberg media.

What Can Taxpayers Do to Stay Protected?

So, as government officials cast shame upon the IRS and Equifax, many American tax payers are left wondering: if my data is unprotected, what can I do myself to make sure I don’t get robbed during tax season? There’s no fool-proof plan or cut and dry solution, but there are some things that consumers can do to stay alert.

Here are a few strategies for keeping a finger on the pulse of what’s happening:

  • Stay in the know

First and foremost, make sure you’re staying up-to-date on any news related to Equifax and IRS security. Knowledge is power, the more you know about what’s going on, the more strategically you can protect yourself.

  • File early but prepare to wait

In light of all these security concerns, the IRS will be navigating tax season very carefully. Get your tax documents organized ahead of time and file your claim as early as possible. However, keep in mind that because the IRS will be moving carefully, you’re likely to wait longer than usual for your return.

  • Get to know the limits of the credit freeze process

Many consumers have already taken action to protect their data and money by implementing credit freezes. However, consumers should be aware that credit freeze tools or other monitoring mechanisms are not fail-proof and even with these systems in place, tax fraud still happens.

  • Review your most recent tax returns

Take a look at last year’s tax return and study it closely. This will give you a frame of reference and an idea of what to expect this year. Knowing what your tax return usually looks like is a great tool for detecting fraud immediately.

  • Monitor tax records in real time

The IRS has an online portal that allows taxpayers to see the details of their tax return and other information at any time. However, make sure you remember that signing up for this portal is time intensive and requires handing over a lot of personal information. In light of recent security concerns, holding off on this strategy this year may be wise.

  • Consider getting a tax PIN

This strategy is only for individuals who have already been victims of tax fraud. However, it’s good to keep in mind in the case that you are impacted by a scam. The IRS offers and IP PIN service, and those who sign up for a PIN are required to use it every tax season moving forward.

  • Be wary of other scams

It may seem like you have enough security concerns to be thinking about, but consumers must keep in mind that cyber scams happen more frequently every day. Never assume that your data and money are completely safe, because unfortunately, that’s not the case. Be vigilant in detecting phone, email and direct mail scams that claim to come from the IRS. Always think twice before giving out any data.

If you’re looking for ways to better understand cybercrime and how the increased number of hacks and scams is putting your own data and money at risk, reach out to a local team of IT experts for a full run down. Wrapping your brain around cybersecurity can be a headache, but it’s critical in our tech-based world.