Earlier this week, Krebs on Security reported that one of its readers, Michael Kasper had become a victim of income tax identity theft in a new manner. The IRS provides free electronic filing through its Free File Software for people with incomes of $60,000 or less and its Free File Fillable Forms for people with incomes of more than $60,000 and it is the Free File Fillable electronic filing program that was used by an identity thief to file an income return electronically and claim a $8,926 refund based on upon falsified W-2 information provided by the identity thief on the return. Kasper became aware of the problem when he went to file his income tax return using Turbo Tax and was informed that an income tax return using his name and Social Security number had already been filed and the refund sent electronically to a bank from which Kasper later learned that substantial amounts of the refund had already been depleted from the account using a debit card. Kasper has indicated great frustration with the manner in which the IRS has handled the investigation and further believes that the identity thief had accessed Kasper’s previous federal income tax returns using the IRS’ Get Transcript program by which taxpayers can obtain copies of previous income tax returns after providing verification of the taxpayer’s identity through answering questions, the answers to which are too often readily available online.
Income tax identity theft continues to be a huge problem costing taxpayers an estimated 5.9 billion dollars this year alone. One thing that taxpayers can do to reduce their chances of becoming a victim of identity theft is to file their income tax returns as soon as possible in order to limit the opportunity for an identity thief to file one first in the taxpayer’s name. Protecting your Social Security number and other personal information is also of paramount importance for taxpayers to protect themselves. However, we are all only as safe as the places that hold our personal information with the weakest security. Although Michael Kasper does not have evidence that his personal information was accessed from the IRS by the identity thief who victimized them, the IRS’ data security is not as strong as it should be and just last month was the subject of a General Accountability Office (GAO) investigation in which the GAO detailed numerous security failings of the IRS that need to be addressed. Here is a link to the highlights of the GAO report. http://www.gao.gov/assets/670/669109.pdf