There is apparently widespread belief that the "organized crime" hackers who were filing fraudulent returns with the IRS will now start directly targeting the people who's info was breached.
Get ready for the,"Don't worry, we've got this" b.s. announcement that comes from the IRS.
They will likely send that message in a letter to the specifically hacked as well.
You don't, until they follow through on disclosure to indicate who was hit and who was spared, following a detailed investigation of course.
This would be a lot less frustrating if not for the fact that people have been pointing out the IRS was vulnerable for a very long time now. Apparently, the only thing more archaic and difficult to navigate than the tax code is the IRS' IT infrastructure.
You don't, until they follow through on disclosure to indicate who was hit and who was spared, following a detailed investigation of course.
This would be a lot less frustrating if not for the fact that people have been pointing out the IRS was vulnerable for a very long time now. Apparently, the only thing more archaic and difficult to navigate than the tax code is the IRS' IT infrastructure.
To be fair, the IRS has had its budget cut by 18% over the past 5 years. Cyber security costs money.
You don't, until they follow through on disclosure to indicate who was hit and who was spared, following a detailed investigation of course.
This would be a lot less frustrating if not for the fact that people have been pointing out the IRS was vulnerable for a very long time now. Apparently, the only thing more archaic and difficult to navigate than the tax code is the IRS' IT infrastructure.
To be fair, the IRS has had its budget cut by 18% over the past 5 years. Cyber security costs money.
True, but that should have been at least partially offset by the continuing increase in the % of tax returns being e-filed and the resultant cost savings. Where I have sympathy for the IRS is with respect to the end of the year legislation Congress passes and then expects them to implement in 3 weeks. IMHO the funding cuts shouldn't have been that much of a problem.
this wasn't an issue with lack of pen tests or network scans.
it was the confluence of several bad decisions:
- Turbotax and others making federal e-filing free
- Giving refunds on prepaid gift cards rather than paper checks or deposits into U.S. bank accounts
- Allowing filing fees for state taxes to be paid out of refunds
- Turbotax getting hacked
All of this made it easy for criminals to just submit massive amounts of false returns.
you'll know if you've been a victim if you try to e-file and the IRS doesn't allow it because someone has already filed a return in your name. if so, and you were previously a Turbotax customer, you may get a bill from Turbotax as well.
Is this predominately a problem for Turbotax filers?
Where the IRS went wrong (and I'm basing this off early information, which could change when more details are available) is not detecting a repeated attempt to pull tax application data from a single set of servers. Some 200k or so application requests in the span of 3 months, which should have registered as anomalous activity.
Where the IRS went wrong (and I'm basing this off early information, which could change when more details are available) is not detecting a repeated attempt to pull tax application data from a single set of servers. Some 200k or so application requests in the span of 3 months, which should have registered as anomalous activity.
yes. they should have better detection of anomalous behavior. I wonder if we'll know how many false refunds were paid out.
RE: Is this predominately a problem for Turbotax filers?
Predominately, maybe. an accountant friend of mine says he has a dozen customers that have had either state or federal returns fraudulently filed with their SSNs.
You have already received yor returns, can you assume you have not been hackd?
if you've received your refunds then I don't think you need to worry about fraudulent filings with your SSN for 2014 tax year. it means the IRS and your state gov have processed your returns.
given magnitude of recent breaches, i'd still do a credit check.
They will likely send that message in a letter to the specifically hacked as well.
You don't, until they follow through on disclosure to indicate who was hit and who was spared, following a detailed investigation of course.
This would be a lot less frustrating if not for the fact that people have been pointing out the IRS was vulnerable for a very long time now. Apparently, the only thing more archaic and difficult to navigate than the tax code is the IRS' IT infrastructure.
You don't, until they follow through on disclosure to indicate who was hit and who was spared, following a detailed investigation of course.
This would be a lot less frustrating if not for the fact that people have been pointing out the IRS was vulnerable for a very long time now. Apparently, the only thing more archaic and difficult to navigate than the tax code is the IRS' IT infrastructure.
To be fair, the IRS has had its budget cut by 18% over the past 5 years. Cyber security costs money.
Quote:
You don't, until they follow through on disclosure to indicate who was hit and who was spared, following a detailed investigation of course.
This would be a lot less frustrating if not for the fact that people have been pointing out the IRS was vulnerable for a very long time now. Apparently, the only thing more archaic and difficult to navigate than the tax code is the IRS' IT infrastructure.
To be fair, the IRS has had its budget cut by 18% over the past 5 years. Cyber security costs money.
True, but that should have been at least partially offset by the continuing increase in the % of tax returns being e-filed and the resultant cost savings. Where I have sympathy for the IRS is with respect to the end of the year legislation Congress passes and then expects them to implement in 3 weeks. IMHO the funding cuts shouldn't have been that much of a problem.
it was the confluence of several bad decisions:
- Turbotax and others making federal e-filing free
- Giving refunds on prepaid gift cards rather than paper checks or deposits into U.S. bank accounts
- Allowing filing fees for state taxes to be paid out of refunds
- Turbotax getting hacked
All of this made it easy for criminals to just submit massive amounts of false returns.
you'll know if you've been a victim if you try to e-file and the IRS doesn't allow it because someone has already filed a return in your name. if so, and you were previously a Turbotax customer, you may get a bill from Turbotax as well.
yes. they should have better detection of anomalous behavior. I wonder if we'll know how many false refunds were paid out.
Predominately, maybe. an accountant friend of mine says he has a dozen customers that have had either state or federal returns fraudulently filed with their SSNs.
if you've received your refunds then I don't think you need to worry about fraudulent filings with your SSN for 2014 tax year. it means the IRS and your state gov have processed your returns.
given magnitude of recent breaches, i'd still do a credit check.