“IRS probed hundreds of cases of unauthorized access to taxpayer data.” This is the title of an article written by AccountingToday. On its face, this is mind-numbingly scarry. Our government, the body that requires you to report your entire financial life to them, that requires you to submit yourself to their whims, has let strangers access your information. Just the imagined consequences of what may come from this are enough to make me queasy.
Luckily, while the article was only about internal unauthorized access, that doesn’t change the fact that your information could have been compromised. As you’re reading this, it may already be (though probably not by the IRS – the fact remains that unauthorized IRS access is relatively small). What happens when your information is compromised? How will you even know? What do you do to safeguard yourself?
The truth is, most people won’t know if their information has been stolen until well after the fact. If your identity has not been compromised (thank your lucky stars), you should take steps to keep an eye on it. The earlier you catch an attempt, the quicker you can head off any approaching problems. A few steps you should take include pulling your credit report at least once a year – though twice would be better. Federal law requires each of the three nationwide consumer credit reporting companies - Equifax, Experian and TransUnion - to give you a free credit report every 12 months if you ask for it. You can request all of them at the same time by going to annualcreditreport.com. You can also request a free copy of your report any time you apply for credit.
A second step you should take is to shred your mail. Dumpster diving is a famous pastime of identity thieves. But like most of their ilk, they’re looking for a quick score. Don’t make it easy for them. Buy yourself a good cross shredder. You don’t have to get the most expensive one on the market (Staples office supplies has a few good choices for less than $100), just make sure it is sturdy. And shred all your mail – even junk mail. If it has your name, address, or any other identifying information, it should hit the shredder before it hits the bag.
And lastly, never give out your information online or over the phone unless you implicitly trust whomever you’re talking to. If someone calls you, asking you to confirm your identity, ask where they’re calling from and hang up on them. Don’t be rude (they could be legitimate, after all), but hang up regardless. Call the business they claim to represent from a number you trust and do what needs to be done. If they call with the claim that they represent a government agency, hang up immediately. Since most governments communicate by mail unless you call them, the odds are the call is a scam.
But what if your identity has already been stolen? Unfortunately, you’ve got a long road ahead of you before normality. First, call the credit agencies – Equifax, Experian, and Transunion – and have a freeze put on your credit report. This will stop any new accounts from being opened in your name. At the same time, get a copy of your credit reports for review. If there’s anything you don’t recognize in there, contact the business immediately and dispute it. Second, contact your local police department (DON’T CALL 911 – this is not an emergency, though it may feel like it to you). The police may not be able to do much, but even a little is better than nothing. You’re also starting a paper trail. If the thieves do get caught, then your report may be what helps put them behind bars.
On the tax side of things, you should contact the IRS and obtain an Identity Protection (IP) pin. An IP pin is a six-digit code that you’ll need electronically file a return. Without it, you’ll have to paper file your return. You’ll receive a new IP pin every year.
You should also contact your accountant. They may be able to help you out on even more fronts. It is, after all, part of what we do.
The sad truth is, its easier to remove grape juice stains from a snow-white carpet than it is to remove your information from the internet. Once it’s on the web, it’s there to stay. While you shouldn’t live in fear of this, you should always keep your personal information security in mind. Like my father used to tell me, “An ounce of prevention is worth a pound of cure.”