HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
If you are a tax paying resident of the state of South Carolina, you are probably going to want to read this.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Taxpayer Data Exposed in Cyber Attack
- Thread starter HardOCP News
- Start date
ShamisOMally
[H]ard|Gawd
- Joined
- Apr 24, 2010
- Messages
- 1,480
When are these fucking clowns going to learn?
Don't want hackers to access your data? DON'T PUT IT ON A PUBLIC NETWORK!!!
Don't want hackers to access your data? DON'T PUT IT ON A PUBLIC NETWORK!!!
Red Falcon
[H]ard DCOTM December 2023
- Joined
- May 7, 2007
- Messages
- 12,447
For such a simple concept, you wouldn't believe the amount of red tape one has to go through to even try put this information on an Intranet or stand-alone network.
The higher-ups and administration will nearly always boo-hoo security basics, just because they want something and want it now.
You say that, but how do people make online payments without it being online?
I think it's time to STOP using the ssn as the defacto identification standard. Personally, everyone who is 35 years old or over already has their SSN exposed in darn near any public activity they participated in 20 years ago, even the military used it as the ID number, colleges used it on badges, schools used it on report cards, etc...it was never even meant to be a secret number.
SkribbelKat
Supreme [H]ardness
- Joined
- Jan 25, 2012
- Messages
- 5,330
It's just like Facebook. If you don't use the product/service, you can't have your stuff get disclosed so either don't live in South Carolina or live there and don't pay taxes. Problem solved...let's move on to the next dramatic disclosure where the same logic applies.
dyzophoria
Gawd
- Joined
- Jan 17, 2006
- Messages
- 946
i was just wondering how some of the numbers where encrypted while 16000 where not
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
Ugh, this is going to be a nightmare come tax season.
I have a few customers who have second jobs in North Carolina. If any one of them has a compromised and stolen SSN, I'm going to expect there will be many headaches to come.
In case anyone doesn't know:
In California, the majority of identity thiefs are known to be illegal immigrants who purchase these from "black markets" that have stolen IDs. It is a huge problem here. For example, one person that came into our office wanted to file a return but had no SSN. He was obviously an illegal immigrant because he spoke very broken English, and wanted to claim children and family in Mexico as dependents. He blatantly told us that he could get an SSN for $50 from someone he knew that works at a pharmacy. Another one of my co-workers at Jackson-Hewitt had a customer, single mother of two children, no computers in her home except for a cellphone, had her return rejected. Apparently, her SSN claimed she was deceased. From what she could get from the IRS, someone who stole her SSN apparently used it to file a tax return a week before she came to us, claimed a refund from that return, then the thief claimed she died so that thief would not be tracked. This was a pain in the ass to do. We weren't able to file her return until the end of March, and she came in on January to file early. She won't see her refund for another two months after that at least because the IRS has to do an investigation.
We should go with a national ID system with valid photo, and E-Verify as a standard and mandatory requirement for anyone born or legally immigrated or legally able to work in this country, which should slow down or stop identity theft. The other way is something I thought of during this past tax season:
I have a few customers who have second jobs in North Carolina. If any one of them has a compromised and stolen SSN, I'm going to expect there will be many headaches to come.
In case anyone doesn't know:
The IRS works on a first come, first time basis. In other words, first to file gets the refund (or bill for taxes owed). Now, this poses a lot of issues for taxpayers because they won't know their return was rejected until 24 to 48 hours after filing. This also poses issues to single parents who have full custody of their child(ren), but their ex-spouse files before they do and claims that child as their dependent when that child hasn't lived with that parent for more than 6 months out of the year. An identity thief with a stolen SSN will almost always file first as soon as possible-- usually in January when tax season starts and first few weeks of February. That's when I get most of the rejected returns, for example.
Now when you e-file a return, your refund, if you are getting one, should come within 7 to 14 days. However, when you e-file someone's tax return with a compromised or stolen SSN and they're the first to file, they get the refund first. The real person with that same SSN if they file after the identity thief, will get rejected 24 to 48 hours after e-filing their return. When that happens, we have to send a paper return to the IRS with a letter and any documentation and a Form 14039. About a quarter of my returns in 2012 tax season (2011 tax year) were tax returns that were rejected and had to be resent by paper return because of identity theft. Now, many of my customers that were victims of identity theft were elderly people to put it into perspective, and the rest were almost always single taxpayers with no children.
The SSN way of ID is greatly flawed in this country. The card itself can be easily faked and there is no other identifying markers on it besides the full name of the person. And, anyone can fake a drivers license or state ID card to say they're the person on the SSN card.Now when you e-file a return, your refund, if you are getting one, should come within 7 to 14 days. However, when you e-file someone's tax return with a compromised or stolen SSN and they're the first to file, they get the refund first. The real person with that same SSN if they file after the identity thief, will get rejected 24 to 48 hours after e-filing their return. When that happens, we have to send a paper return to the IRS with a letter and any documentation and a Form 14039. About a quarter of my returns in 2012 tax season (2011 tax year) were tax returns that were rejected and had to be resent by paper return because of identity theft. Now, many of my customers that were victims of identity theft were elderly people to put it into perspective, and the rest were almost always single taxpayers with no children.
In California, the majority of identity thiefs are known to be illegal immigrants who purchase these from "black markets" that have stolen IDs. It is a huge problem here. For example, one person that came into our office wanted to file a return but had no SSN. He was obviously an illegal immigrant because he spoke very broken English, and wanted to claim children and family in Mexico as dependents. He blatantly told us that he could get an SSN for $50 from someone he knew that works at a pharmacy. Another one of my co-workers at Jackson-Hewitt had a customer, single mother of two children, no computers in her home except for a cellphone, had her return rejected. Apparently, her SSN claimed she was deceased. From what she could get from the IRS, someone who stole her SSN apparently used it to file a tax return a week before she came to us, claimed a refund from that return, then the thief claimed she died so that thief would not be tracked. This was a pain in the ass to do. We weren't able to file her return until the end of March, and she came in on January to file early. She won't see her refund for another two months after that at least because the IRS has to do an investigation.
We should go with a national ID system with valid photo, and E-Verify as a standard and mandatory requirement for anyone born or legally immigrated or legally able to work in this country, which should slow down or stop identity theft. The other way is something I thought of during this past tax season:
- Photo on the SSN card that's updated every ten years.
- A verification system used by financial institutions such as banks and credit card companies, and by the IRS, to verify the SSN of a person by entering the last 6 digits of that person. If the SSN shows a different picture than the person holding the SSN, the application or tax return is not filed.
- A blacklist system of SSNs that's color-coded in that verification system.
- Black = Deceased person of SSN; can no longer be used.
- Red = Previously stolen SSN; only use if photo ID matches person.
- Yellow = Legal immigrant with SSN provided by the DHS or temporary visa (i.e.- work, student, similar).
- Green = Valid US citizen with matching photo ID; not stolen previously.
They could .... simply have an online interface where the public interface with it. Then every day or something, they can copy it to a computer that isn't open to the public, and delete it on the one that is connected to the public network.
Sure, there's a bit more work, but it seems like a good idea to me.