Identity Theft Incidents Highlight Importance of Cybersecurity (article)

Identity Theft Incidents Highlight Importance of Cybersecurity (article)

Two federal agencies are scrambling to recover from data breaches that compromised Social Security numbers and other identifying information.  The breaches indicate just how vulnerable entities can be to hackers.

Identity theft, classified as unauthorized access to your Social Security number and other personally identifiable information, affected both the IRS and the U.S. Office of Personnel Management (OPM) in recent weeks.  In the IRS incident, hackers used information taken from other sources to access previous tax return information stored in the IRS Get Transcript website. The hackers made fraudulent tax returns based on the historic tax filing information of 104,000 individuals. The IRS discovered the identity theft in May while investigating a denial-of-service attack on the website. The OPM’s internal control system uncovered a cyber attack on its information technology systems in April 2015. Hackers accessed personnel files of an estimated 4 million present and former federal employees. Some news reports estimate the number of records compromised to be significantly higher. Details are still emerging from the case.

Fallout from the discoveries comes with lessons individuals and businesses should consider. Cybercriminals exploited weaknesses in the protection of sensitive information in both systems. By revisiting the sources of identity theft and what can be done to mitigate risks, individuals and businesses can make themselves less vulnerable to cyber threats.

Individual Responsibilities

Individuals can reduce their identity theft exposure risk by being careful how and to whom they share their personal information. Scammers often impersonate legitimate organizations, so do your research before sharing your Social Security number, address or other types of personally identifiable information. Verify that the company and the individual asking for information are who they are represented to be. Also be careful about submitting personal information over the Internet. You’ll want to check that the website you are using is secure.

You should also monitor your credit report for unusual activity and keep careful record of your financial information, as changes here could indicate someone has access to your private information.

Tax-related identity theft may be a little trickier to pinpoint, and individuals need to know the signs that someone has used their Social Security number to file a fraudulent tax return. Typically, scammers submit fraudulent tax returns earlier in the filing season. Individuals may discover something is amiss when they try to file and they receive an alert from the IRS. Letters that indicate you may have been the victim of the scam can contain several types of notifications, including:

  • More than one tax return has been associated with their social security number, 
  • Additional taxes are owed,
  • IRS records indicate wages from an unfamiliar employer. 

You should act quickly if you receive spam calls or notifications. The responsibility falls to the individual to submit a report about the incident to law enforcement, notify the applicable credit agencies and register a complaint using the Federal Trade Commission’s identity theft website or hotline.

What Businesses Can Learn

Identity thieves look for where and how businesses store personal information about clients and employees. Information technology systems and databases of employee files are particularly vulnerable to hackers looking for Social Security numbers, home addresses and other personally identifiable information.

To keep track of how your systems are holding up to threats, you should use an internal control system that specifically addresses the risks in the information technology and digital environments. The National Institute of Standards and Technology cybersecurity framework, which the IRS plans to use to guide its cybersecurity efforts, may be an option to consider using for your organization.  The Committee of Sponsoring Organizations of the Treadway Commission (COSO) also recently released a report about how its internal control framework can apply to cyber activities. 

Internal control frameworks can help break up your monitoring activities into manageable segments. They can also help your system to evolve to address the new risks it faces. Hackers continually find new ways of accessing private information. In the IRS breach, cyber criminals were able to get through a multi-step process, including personal identification verification questions in order to access historic tax records.

Companies should also consider encrypting their private information as an extra line of defense. Questions have been raised about whether the OPM had properly protected its employees’ Social Security numbers.  Following the breach, the OPM is also looking to change its policies on remote access and deploy anti-malware software.

For More Information

Data breaches and identity theft are real and present risks of the modern operating environment. You need a strategy, both individually and for your business, in order to keep your information secure from its threats. For more information about how you can protect your value information, please contact your local CBIZ MHM professional.


Copyright © 2015, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory andconsulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).

Identity Theft Incidents Highlight Importance of Cybersecurity (article)Two federal agencies are scrambling to recover from data breaches that compromised Social Security numbers and other identifying information. Fallout from the discoveries comes with lessons individuals and businesses should consider. Cybercriminals exploited weaknesses in the protection of sensitive information in both systems. By revisiting the sources of identity theft and what can be done to mitigate risks, individuals and businesses can make themselves less vulnerable to cyber threats....2015-06-29T12:34:00-05:00

Two federal agencies are scrambling to recover from data breaches that compromised Social Security numbers and other identifying information. Fallout from the discoveries comes with lessons individuals and businesses should consider. Cybercriminals exploited weaknesses in the protection of sensitive information in both systems. By revisiting the sources of identity theft and what can be done to mitigate risks, individuals and businesses can make themselves less vulnerable to cyber threats.