Identity thieves seem to like to target the government. With April 15th nearing, the news is awash with fraudsters using other people’s identities to claim an earned income tax credit worth thousands of dollars. Of course, we should feel sorry for the poor people who had their identity stolen and used to file a bogus return. After all, they will have to deal with the IRS, and prove they didn’t file the bogus return.
The saddest thing is that they will probably find out about it when they file a legitimate tax return and it is denied. When this happens, they might have to prove, that they were not the person responsible for filing the faux (fake) return. In most instances, proving this will be hours of work and cost a little money.
In all fairness, it is evident that the IRS is taking tax fraud much more seriously than in the past. Because of this we are probably seeing more of it being reported. The IRS has an excellent information web page to assist the people being victimized. Please note that anyone paying taxes is a victim of all this, as the money being lost adds to the ever growing deficit.
Another aspect of this fraud is that if the government can prove the refund was not negotitated for the right person, they can hold the financial institution paying out the money liable. Frequently when the fraudulent refund is received a counterfeit ID is produced to negotiate the instrument. In these cases, when the true person proves they did not file the bogus return, the loss is going to be charged right back to the financial institution that paid out the actual cash in the scheme.
Another good example of a government program being targeted is the recent disclosure that hackers compromised a State of Utah Medicaid database. Given the quality of information stolen (medical), it is a prime opportunity for tax fraud (or medical fraud) against the government.
Current estimates put this data breach at 780,000 personal records compromised. It has also come to light that the data was not encrypted and that less-than-complex passwords were used to protect it. The Salt Lake City Tribune is also reporting that the manner in which this information was protected might be in violation of current federal regulations. Hard to believe, with the number of publicly disclosed breaches, that the data was not encrypted. You would think that this would be standard by now when protecting information that criminals can steal money with.
It is interesting that the World Privacy Forum is showing an interactive map on their site showing all the known occurrences of medical identity theft in recent years. While there are differing estimates on the costs of medical fraud, there is little doubt that it costs billions of dollars, and the costs are passed on to all of us.
A recent article by Jaikumar Vijayan at ComputerWorld makes a pretty good argument that most of the data breaches in 2011 were avoidable. If that is the case, it should show us that this is an ever-growing problem and that we cannot afford to let our guard down.
If you think you might be a victim in the Utah breach, the State has set up a victim’s assistance line at 1-855-238-3339.