BreachExchange mailing list archives
Nothing is certain but death, taxes and identity theft.
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 12 Mar 2013 14:23:14 -0400
http://www.datalossdb.org/incident_highlights/58-nothing-is-certain-but-death-taxes-and-identity-theft 2013-03-12 by eabsetz As we are well into tax season, there has been a trend of articles in the news involving identity theft and tax fraud. Individuals are stealing information from various sources, which are not only businesses, but also straight out of mailboxes in order to commit identity theft and file false tax returns. Some of these criminals have been reported to net as much as $11 million with their schemes before being caught. 641,690 incidents had been identified by the IRS as of September 30, 2012. Each of these incidents are a concern. However, all are not reported in DatalossDB as we require data loss incidents to have a steward organization. Therefore, we submit only to our database the schemes where personal data is stolen from an organization or business, but discard those where the data is stolen out of mailboxes as they don’t fit our requirements. Here are some snippets of the latest cases we have seen in the news; these cases include both ones DatalossDB would and would not catalog. There seems to be a trend in state employees and tax preparers stealing information to file false tax returns themselves or to sell the personal information to others. In one case in Alabama, a state employee obtained identification information from a state database from October 2009 until April 2012. That is two and a half years in which she went undetected while working with co-conspirators to file over 1,000 false tax returns and receiving fraudulent returns totaling $1.7 million. In Los Angeles County, the Department of Public Social Services had an employee, who as a receptionist had access to the systems to input data and assistance requests. She took screenshots of 132 applicants’ PII (Personally Identifiable Information), and with the help of her husband and friends filed 65 tax returns in 2011 netting a total of $357,704.90 in fraudulent claims. In Silver Spring, MD, two brothers running a tax service together stole identities from Puerto Rican residents to submit fraudulent claims through their business. They filed 13 false returns totalling $43,264. Another tax preparer used information of previous clients and deceased persons in order to defraud the IRS and taxpayers for over $200,000 from 2003 to 2008. The largest case we've seen, which is currently awaiting sentencing, took place in Fort Lauderdale and involved the filing of around 2,000 false tax returns from October 2010 until June 2012. This particular identity theft tax fraud scheme pulled in over $11 million. To many, this might seem like a great way to make money. Here are some of the punishments that have or will befall these criminals. If convicted, the Alabama state employee is facing 20 years for each wire fraud count, 10 years for each computer fraud count, 10 years for conspiracy to file false claims, 2 years for aggravated identity thefts, fines, and mandatory restitution. The tax preparer, who used client and deceased persons information, was sentenced to 60 months in prison and paying full restitution amounting in excess of $200,000. As for the case where the scheme pulled in around $11 million, one of the women involved is looking at possibly being sentenced to 351 years. That is around 6 lifetimes of prison! The IRS is taking action in response to the increase in tax related identity theft over the last few years. They have activated new identity theft filters, and are working with over 130 financial institutions to help identify identity theft schemes. The IRS has also trained over 35,000 people, who have direct contact with taxpayers, in ways to help identify red flags associated with identity theft, and they have doubled the employees in their tax related identity theft department. Multiple resources including the IRS are recommending a few things to help keep your identity safer. Make sure that you do not carry your Social Security card around in your wallet or purse; if you do, take it out and place it somewhere secure. In fact, it is a good idea to take any documents containing personal information and secure them in your home. Many businesses ask for your Social Security number, even if it is not mandatory information. It is best to not automatically provide it every time you are asked. Never give out your personal information over the phone or email; the IRS does not contact taxpayers either way to acquire information. Monitoring your credit report on a regular basis can help to identify identity theft, hopefully before the loss becomes severe. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Nothing is certain but death, taxes and identity theft. Jake Kouns (Mar 12)