Identity theft: how are you, you?

tsj column writers - identity theftBy Jim Eastin

By now you have heard about last weeks hack on the Internal Revenue Service. 104,000 files were captured by bad guys out of 200,000 attempts; a 50 percent return on time invested.

There are four things worth noting about this attack. First, it did not happen last week. It happened back in February. The I.R.S. is only now discovering it and telling us about it. Whatever one might have done to mitigate the loss is long gone.

Second, the attack most likely came from Russia. No one will be prosecuted for doing it. That is a great crime strategy: commit the crime with absolutely no danger of being punished.

Third, 15,000 false returns were filed using this information for a potential gain of $50 million. It will certainly be repeated in the future.

Fourth, in the strict sense of the word, this was not a hack. The criminals did not break into the Internal Revenue Service using cyberforce. They simply logged on as you. All the information they needed was available for purchase on the Internet. If one buys a copy of your credit report, the answers to all of the “secret questions” are there (e.g. Which of these is your previous address? What was your favorite pet’s name? What is your mother’s maiden name?).

How is that possible? Your credit report is where they get the secret questions. In other words, the bad guy doesn’t have to trick you. He can be you.

If you were one of the 104,000, it means that whatever the I.R.S. knows about you is now being combed for other ways to impersonate you. If they can be you, they can get loans, buy real estate, have surgery, take trips, cash in your stocks and bonds and empty your retirement fund. Being you is a lucrative business.

You will no doubt be getting a phone call, email or letter from someone posing as the I.R.S. saying that you are one of the 104,000 and requesting even more information to “clear this matter up.” I know that my readers will not fall for that, but many will. And just because the I.R.S. identified this hack does not mean that there are not others like this going on all the time.

What can you do about it? Nothing. We are long past the days of protecting yourself. Why? Because others will lose the information you entrusted to them. The only solution is ID theft insurance that will monitor all your accounts, financial, medical, Social Security, driver’s license, passport, etc. and put a licensed investigator to work fixing breaches like this when they occur. There are many plans out there. Most are worthless. They are just monitoring services. They watch and report but take no action to help you. Next week I will tell you how to evaluate these services.

(If you have any feedback about this column, suggestions about a topic you would like me to discuss, or want me to come do a free identity theft seminar at your church or social club you can contact me at

Leave a Reply