April is a critical time of year for businesses and individuals to assess their vulnerabilities to the onslaught of identity theft. Tax season finds the IRS inundated with filings and requests for tax refunds throughout the country. The government, unfortunately, lacks the manpower to ensure all of these filings are legitimate. Identity thieves, who now include sophisticated organized criminal groups among their ranks, are filing fraudulent tax returns by the thousands using stolen social security numbers acquired throughout the year. As a result, if you choose to file an extension on your return, you could be giving thieves the time they need to file your return first!
The means and methods by which these thieves acquire unsuspecting individuals' social security numbers and related personal information (i.e., date of birth, address, home telephone number, mother's maiden name, etc.) are varied and numerous. Techniques range from the hacking of databases containing such information, the careless handling of this information by employees that work with it, to simply paying people to rummage through the trash left by individuals and companies. The recent explosion of social media usage and the online availability of public records also provide identity thieves with a wealth of information to "connect the dots" of a person's identity narrative. This information, when compiled and incorporated by the wrong people, can cause immeasurable damage to victims and take years to rectify—if ever.
Think it won’t happen to you?
Think again. The numbers are staggering. In the past three months alone, the IRS has worked with victims to close more than 200,000 cases of taxpayer-related identity theft. Additionally, the agency has identified more than 640,000 cases as of September 30, 2012, and issued more than 770,000 personal identification numbers to protect taxpayers who were victimized in previous scams. The IRS estimates that it prevented the issuance of more than $20 billion in fraudulent tax returns in 2012, up from $14 billion in 2011. The government, however, estimates that as much as $5.2 billion in bogus refunds could still be paid out to identity thieves who hijack innocent victims' personal information.
Dealing with a fraudulent tax return may be just the painful beginning. The numbers above do not include the use of victims' social security numbers and personal information to apply for credit cards, lines of credit, driver’s licenses, and other things of value. All the more reason to remain vigilant in protecting your data from intrusion.
What should you do?
Businesses must review their operations and determine where vulnerabilities may exist in exposing personal data of employees and clientele to unauthorized eyes. Individuals should assess what personal information they carry with them (i.e., social security card) and store online, and consider what access others may have to their information. It is not uncommon for people to provide their phone numbers, social security numbers, dates of birth, and other personal information to store clerks, online websites and strangers over the phone when purchasing goods or confirming their identity. This can result in their data being misused by others.
This tax season, businesses should remind their employees of the importance of knowing how best to protect their personal data. Steps as simple as not leaving computers, thumb drives and papers in their cars, ensuring certain documents are not left out on desks, encrypting laptops, and locking file cabinets containing personal information, can help avoid the loss of sensitive information and prevent identity theft. Self awareness and vigilance are key factors in protecting against identity theft.
The attorneys in the McDonald Hopkins Data Privacy and Cybersecurity Practice specialize in advising businesses and individuals on how to protect against data breaches and identity theft, and how best to address situations where such breaches occur. Our team includes former federal prosecutors who have prosecuted these types of cases and now represent clients victimized by such breaches. We can provide training and advice on steps to take to help keep the thieves at bay.
For more information, please contact:
Richard H. Blake
James J. Giszczak
Bruce E. Reinhart
McDonald Hopkins counsels businesses and organizations in a myriad of industries regarding all aspects of data privacy and cybersecurity, including proactive compliance with the numerous state, federal and private data security regulations relative to the protection of personal information and protected health information, training of employees and preventative measures to decrease the risk of data theft. Our attorneys specialize in drafting data privacy policies, written information security programs, incident response plans, confidentiality agreements, vendor agreements, and document retention policies. When a data breach occurs, McDonald Hopkins acts as a breach coach to ensure compliance and minimize exposure. Our attorneys work with federal, state and local authorities, as well as third party vendors, throughout the breach response process. We coordinate notifications to affected individuals and state attorneys general as well as the media, as needed. Our team has significant experience litigating matters involving data security and privacy. We can help properly assess your risks to ensure compliance. Once our brief McDonald Hopkins Data Privacy and Cybersecurity Review is completed, your company will receive an assessment of the areas which have the greatest need of attention and improvement to ensure compliance.