With the Internal Revenue Service (IRS) announcing that criminals used stolen data to access tax return information on more than 100,000 accounts, Attorney General Peter F. Kilmartin is warning Rhode Islanders to be vigilant in monitoring for suspicious activity.
Reports have surfaced that criminals hacked into the IRS's online "Get Transcript" application to gain unauthorized access to personal tax information as part of a scheme to steal identities and file falsified tax returns. The hackers had already obtained enough information on the taxpayers affected to clear the multi-step authentication process on the IRS site, including personal verification questions. The data accessed includes Social Security numbers, birth dates, addresses, and additional financial information.
Approximately 100,000 accounts were accessed, and in total, the IRS has identified approximately 200,000 taxpayers whose accounts had attempted unauthorized accesses. It is not known at this time if any Rhode Island taxpayers were impacted, although the IRS will notify those affected. The notifications have started to be mailed out and will include additional details for taxpayers about credit monitoring and other steps. The IRS will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed.
"Consumers' tax returns include some of their most sensitive personal information," said Attorney General Peter F. Kilmartin. "Although it is unclear whether any Rhode Islanders are affected, it is understandably upsetting to consumers that the security of the IRS's online application was compromised. Unfortunately in this digital age, hackers are always looking for new ways to steal consumers' identities. This serves as a reminder to all consumers that it is important to monitor your credit reports and accounts."
The IRS has stated that the breach is under review by the Treasury Inspector General for Tax Administration, as well as the IRS' Criminal Investigation Unit. Additionally, the "Get Transcript" application has been temporarily shut down, and will remain disabled until the IRS makes modifications and strengthens its security. According to the IRS, no action is needed by taxpayers outside of the groups affected.
The IRS notes this issue does not involve its main computer system that handles tax filing submission; that system remains secure. More information about the breach can be found on the IRS website, including a statement from the IRS regarding the breach.
Attorney General Kilmartin offered the following helpful information to consumers who may have been affected by this breach:
• Be suspicious of any phone calls or emails claiming to be from the IRS asking to confirm tax return information, social security number or other personal identifiable information. Calls or emails claiming to provide information about the breach may be scams. • Monitor banking and credit card accounts daily for suspicious activity, especially small withdrawals. Often, hackers will withdraw a few small amounts to "test" the account to see if it is viable to fully compromise. Immediately report any suspicious account activity. • Consider changing email passwords as well as online account passwords. While there's no indication this information has been compromised in the breach, it's a good idea to change passwords periodically anyway. • Update antivirus software. • Consider adding a fraud alert to your credit report file to help protect your credit information. A fraud alert is free of charge and can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed below.
Attorney General Kilmartin also warns consumers to be on the lookout for signs of identity theft, which could include:
• Unexpected mail, such as a bill for a credit card you never signed up for or a member agreement from a bank with which you do not have an account. • Credit charges you did not make. • Unexpected collection calls. • Errors on your credit report or a lower than expected score. • Another person's name showing up on your background check.
Consumers may contact the nationwide credit reporting agencies at:
About the Office of the Attorney General Consumer Protection Unit
The Office of the Attorney General Consumer Protection Unit investigates and mediates consumer complaints concerning unfair and unlawful business practices and misleading advertising arising out of alleged violations of the Deceptive Trade Practices Act. If groups of people are victimized by a deceptive trade practice, this office may file in the Superior Court a civil investigative demand, which is a formal investigation. In appropriate cases, a lawsuit to stop the illegal business practice may be initiated.
Apart from carrying out its statutory responsibilities, the Unit also provides information and referral services to the general public. Consumers are directed to the appropriate governmental or private agencies for help in answering specialized questions or resolving disputes that are not within the Unit's jurisdiction.
The Consumer Protection Unit is available to speak to community groups on how to prevent being a victim of identity theft and other scams. For more information, please visit www.riag.ri.gov or call 401-274-4400.