You might expect the US Internal Revenue Service (IRS) to be worried that the recent Equifax data breach would set off an avalanche of fraudulent tax filings.
In fact, the agency believes a “significant” number of the estimated 145 million victims of the Equifax breach have already had their private data stolen.
“We actually think that it won’t make any significant or noticeable difference,” said IRS Commissioner John Koskinen to reporters during a recent briefing. “Our estimate is a significant percentage of those taxpayers already had their information in the hands of criminals.”
In this case, Koskinen defined significant as 100 million – around two-thirds of those included in the Equifax stolen data episode.
Just the numbers, please
The extent and scale of private data stolen in recent breaches are breathtaking. For the 145 million U.S. consumers hit in the recent Equifax data breach, the stolen data included home addresses, dates of birth, driver’s license data, and Social Security numbers. As for size, don’t forget the famous data leak at Yahoo. It wasn’t just one billion accounts – it was all of Yahoo’s accounts – a whopping 3 billion accounts.
IRS says their situation is getting better
Surprisingly, the flood of stolen data didn’t lead to a deluge of data theft cases for the IRS during the 2017 tax season. After getting hit with a 400 percent spike in phishing scams during the 2016 tax season, the IRS went to work fighting data fraud, tightening its own standards, working with local officials, and making a concerted PR effort to alert consumers to the dangers of phishing attacks and common criminal strategies.
They report that this effort is paying off. “The progress we’ve made in protecting taxpayers is especially important when you look at how much sensitive personal information has fallen into the hands of criminals recently,” Koskinen stated in the meeting.
A change of strategy for you
The IRS statement shows that it is time for you to change your personal data security strategy. Instead of simply focusing on keeping data out of the bad guys’ hands, it’s time to live as though this data has already been stolen and could be misused at any time.
- No recycling, please. Don’t reuse the same password for different accounts. And the same is true for those security questions for your various accounts.
- Use two-factor authentication. With two-factor authentication, you have another defense ready to go if that initial password has been stolen.
- Password selection. How secure are your passwords? The basic minimum for passwords is seven characters with a mix of symbols, numbers, and capitalization. Make it easier on yourself – get a password manager to ensure you aren’t recycling passwords and that you are making each password sufficiently complex.